CyberScout

After Target and Home Depot Breaches, What's Next for Data Security at Credit Unions?

With the massive data breach at Home Depot, financial institutions are feeling the pressure to adapt to new ways to fight against the techniques and tools employed by cybercriminals. While big banks might have the resources for IT security to handle cyberintrusions, data breaches might have a greater impact on smaller institutions like credit unions.

The Home Depot breach confirmed on Sept. 18 compromised an estimated 56 million debit and credit card numbers, Consumer Affairs reported

After the incident, credit unions reported losses from reissuing cards, fraud and other costs. Credit unions across the U.S. had to issue 7.2 million credit and debit cards as a result of the breach, with costs totaling $57.4 million, according to a survey by the Credit Union National Association. The Home Depot data breach costs were almost double that of the expenses connected to the incident at Target, when 40 million credit and debit cards were affected in the holiday season of 2013. 

With the high costs of data breaches to credit unions, these financial institutions are finding new ways to combat cybercriminals. 

Here are the potential cybersecurity changes for credit unions in the future:

Implementation of Chip and PIN Technology
When cybercriminals get their hands on the financial information of consumers, they could put this data up for sale on black markets. Reissuing new cards is an effective way to prevent thieves from making fraudulent purchases. However, it's expensive for credit unions as it cost an average of $2.64 per card in the case of the Home Depot breach, according to the CUNA survey.

Implementing more secure payment technology like chip and PIN credit cards could help curb the cost of reissuing credit and debit cards after a data breach as the more advanced cards would make it harder to copy data. In the past, retailers accused credit unions of not taking on chip and PIN technology by the date established by the financial industry, Credit Union Times reported. But changes in cybersecurity standards could necessitate this emerging technology. 

Stricter Data Security Standards
After the Home Depot breach, leaders of the credit union association called for tougher data security standards not only for credit unions, but across the board for segments of the economy that are especially vulnerable to cyberattacks, including the retail industry. 

"Congress has a role to play in addressing the issue of merchant data breaches by making sure all of the participants are playing by the same set of data security rules, and that merchants who hold consumer data and allow that data to be breached, are responsible for the costs incurred by others," CUNA President and CEO Jim Nussle said in a statement. 

With new data breach legislation making its way in Congress, improved security standards for private networks and point-of-sale systems could deter cybercriminals from stealing valuable information that could result in huge financial losses for credit unions and banks.