7 steps to minimizing data breach fallout, part 1
May 27, 2014 by Jim Ghiglieri — Senior Vice President, Corporate Communications, SHAZAM
Many financial institutions have felt the sting of recent breaches — and there could be more to come. Dealing with the aftermath is frustrating, time-consuming and, in some cases, costly.
Fortunately, community FIs can take steps to prepare for the next time hackers and fraudsters successfully victimize the industry. In this post, I’ll share four of what we at Shazam believe are the seven best practices for FIs to apply:
- Instant issuance. Mass reissuance projects following a breach can strain the card systems and processes that are essential to fast, convenient card replacement. FIs can combat long lines and customer frustration with an instant-issuance strategy.
- Compromised card notifications. Most FIs receive compromised card alerts from their payment processors. However, it’s important not to assume that their processors retain this information indefinitely. Some store this data for only seven days. FIs should save compromised card lists to an internal folder immediately upon receipt.
- Mass reissuance. It’s important to weigh whether an immediate mass reissue is really necessary. With sufficient fraud management services, affected cards are automatically queued and monitored closely to catch counterfeit fraud. Often these systems are highly sophisticated and can effectively balance fraud mitigation and cardholder convenience.
- Hot-carding. Card managers should determine how the FI will handle what’s called the “hot card.” The intent of the hot-carding process is to prevent thieves from using the card, even with the PIN. It’s a best practice not to hot-card prior to cardholders receiving their new cards in a mass reissue; however, FIs that choose to do so should have a defined process in place for cardholder notification.
Stay tuned; I will share the remaining three steps in my next post.