It's still too early to estimate the total costs to U.S. creditunions from the Target card breach, according to executives whose organizationsare tracking the numbers.
|CUNA said it will collect loss data from all card-issuingcredit unions, but stressed that participation in the survey wouldbe voluntary. However, CUNA Spokesman Ben Fishel said theassociation hoped for a good response due to the large number ofcards compromised.
|“Frankly, we started collecting the data because we anticipatedsome lawmakers might want to see it,” Fishel explained, adding thatCUNA might release the survey data as a summary.
|Ann Davidson, senior consultant for risk management at CUNAMutual Group, the primary insurer for the majority of U.S. creditunions, said it was still too early to calculate losses from thebreach because the card brands have not yet released lists of allcompromised card numbers.
|Until the card brands and processors deliver all the lists, itis impossible for credit unions to know how many cards might becompromised, what their responses will be and the associated costs,she said.
|Another lingering question is what the breach might mean to thePCI Data Standard, which card brands and processors havepromulgated to help defend credit and debit cards from these sortsof breaches.
|Bob Russo, general manager of the PCI Security StandardsCouncil, said standards are merely the beginning of protectionagainst theft, not the complete solution.
|“It's important to remember that the PCI DSS is the floor forcard data security, not the ceiling,” he said. “A card dataenvironment is under constant threat, so businesses must ensuretheir safeguards are also under constant vigilance, monitoring andwhere necessary, ongoing improvement. A layered approach tosecurity is absolutely necessary to protect sensitive payment carddata – without ongoing vigilance or a comprehensive securitystrategy, organizations may be just a change control away fromnoncompliance. Organizations must make protecting cardholder data adaily priority, not a one-time exercise, he added.
|“An intrusion need not result in card data compromise if anorganization is following the 12 guiding requirements of the PCIDSS,” Russo said.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
- Exclusive discounts on ALM and CU Times events.
- Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
