|
|
| New Data Security Breach (Visa - 2009-088-IC & MasterCard 150-US-09) – More Information - Friday, February 13, 2009Earlier this week, Visa and MasterCard began issuing accounts involved in a merchant processor breach. The reported incident involves confirmed unauthorized access to a U.S. acquirer processor’s settlement system of stored transaction information that included Primary Account Numbers (PANs) and expiration dates. No magnetic stripe track data has been identified at risk in this alert. As the entity involved has not yet issued a press release, Visa and MasterCard are unable to release the name of the merchant processor.
It is important to note that this event is not related to the Heartland Payment Systems breach. While it has been confirmed that malicious software was placed on the processor’s platform, there is no forensic evidence that accounts were viewed or taken by the hackers. Since the final forensic report has not been provided there is no estimate available at this time of the number of accounts involved in this event. Law enforcement is activity engaged in an investigation into this situation.
Visa began releasing affected accounts on Monday, February 9, 2009 under CAMS event series US- 2009-0088-IC. They expect to have all accounts released by Friday, February 13. MasterCard began releasing accounts on Wednesday, February 11, 2009 under MC Alert series MCA0150-US-09. They have not provided any information as to when they expect to have all their accounts released. The current window of exposure provided by both card associations is from February 2008 through January 2009. The only data elements at risk are account number and expiration date. No track data, PIN, CVV2/CVC2 data or cardholder-identifying information was captured. As in all events, it is the issuer’s decision whether or not a block and/or reissue decision is warranted. However, we would like to emphasize that this event carries a lower level of risk than the Heartland compromise.
Please keep in mind that it is likely that your specific credit union will not receive accounts on all lists. If you do not receive a particular list in the series, it simply means that you had no accounts involved. It is also important that you review the details on each alert, as additional information may be provided that is specific to those accounts. These details may help you in determining how to handle those particular accounts.
If your credit union has accounts that were involved in this compromise event, you will be notified through MasterCard Alerts and/or Visa CAMS. Principal and Associate members receive these alerts directly through MasterCard and Visa. All others will receive their alerts from FIS through E-Reports. FIS is processing these alerts as quickly as they can.
As with all alerts received from the Card associations, you should maintain all documentation relevant to these accounts and any actions you take on these accounts to enable you to file a fraud case or a claim for reimbursement in the event fraud does occur and the event becomes eligible. Feel free to call your Credit Union Representative with any questions you may have.
|
|
| NEW Data Security Breach (Visa 2009-088-IC) - Thursday, February 12, 2009Visa held a conference call today to alert Members about a new compromise that they recently became aware of. We have been advised that some credit unions have already begun to see the Alerts in Compromise Manager, however the they have not yet been distributed via E-Reports. We anticipate they will begin arriving tomorrow, Friday, February 13, 2009. Here is what we know so far:
The security breach occurred at a Merchant Processor. Visa is not disclosing the name or location of the Merchant Processor.
This is a very large compromise, similar to the Heartland compromise, but slightly smaller.
There are going to be at least 24 different alerts.
Track Data WAS NOT compromised, only account numbers and expiration dates.
Compromise data is not sufficient to create counterfeit cards that would lead to card present fraudulent transactions.
Period of exposure is transactions from about February 2008 through August 2008.
Since track data was not compromised, we are not suggesting that you block and transfer these compromised accounts. Chargeback rights should exist for all Card Not Present transactions simply by the cardholder asserting a dispute for the unauthorized transactions.
Please watch your E-Reports, Compromise Manager, if you are enrolled and CardNet for more information as it becomes available.
|
|
| Fraud Alert and Compromise Assistance Tools™ - Wednesday, February 04, 2009To help our credit unions easily and effectively manage this and future events, FIS offers their COMPROMISE MANAGER solution. COMPROMISE MANAGER is an effective tool to manage the actions required to process compromised accounts. With the cardholder data for each compromised account available at your fingertips for risk evaluation, you can quickly and easily determine the actions to take for account blocking and cardholder communications. In addition, specific risk data is made available from these events to assist Fraud Alert Management (formerly called Falcon), in preventing additional fraud through the use of fraud strategies at no additional charge.
As a reminder, FIS has created a secured method for clients to deliver all accounts associated with previously notified events, so they can become available in your COMPROMISE MANAGER application. Once you have confirmation that your enrollment is complete, just send FIS your institution’s Visa and MasterCard alerts for this event through our secured COMPROMISE MANAGER Upload Utility. FIS can also backload this data for a nominal fee so you will be able to manage this event from its onset through the COMPROMISE MANAGER application. Instructions on submitting Visa and MasterCard alerts for this event are included with this communication to speed up this process.
How to Get Started
To enroll and receive the full protection of COMPROMISE MANAGER for this event and beyond, you can visit us FIS at
www.FISOneVoice.com/compromisemanager, contact an FIS representative at 1-888-933-8637 (press 1 twice), or e-mail us at FISOneVoice@FNIS.com.
Sample – COMPROMISE MANAGER Upload Utility
Submitting Visa/MasterCard Alerts for Uploading into COMPROMISE MANAGER
**You must be enrolled in COMPROMISE MANAGER to use this service**
1. Visit FIS’s secure, encrypted COMPROMISE MANAGER Upload Utility at
https://safeforms.certegy.com/cmute.nsf/fReport.
2. Save the provided Excel spreadsheet template file to your PC desktop.
3. Copy the alert data into the spreadsheet and save the file.
a. When exporting your alert lists into the spreadsheet, be certain to define the cell contents for the account number as “text” to ensure the integrity of the full account number.
4. Fill out the information on the upload utility page form and attach the Excel spreadsheet containing the alert data to the form using the BROWSE button on the Web site.
5. SUBMIT the completed for with the alert file attached.
You must submit each Visa/MasterCard alert SEPARATELY by completing the above steps for each alert. Turnaround time is 24-48 hours from completion of the COMPROMISE MANAGER set up. A fee of $50.00 per alert/event submitted will be charged with this option.
We will provide additional information as it becomes available through future CardNet Newsflashes and Card OPS, and at www.fisriskmanagement.com. If you are not currently registered for this Web site, please visit www.fisriskmanagement.com to enroll. There is no cost to register. If you have any questions, please contact your Credit Union Service Representative.
|
|
 | FIS Presents FREE Dispute and Fraud Webcasts - Monday, February 02, 2009Processing Fraud and Dispute cases for your cardholders can be complicated. Fortunately, you have FIS Chargeback Services to process these transactions for you. Even so, you want to be equipped with a clear understanding of these processes so you can fulfill your role in delivering great service to your cardholders.
The goal of this Webcast is to help you learn:
- The responsibilities of the cardholder, your credit union and FIS in resolving dispute and fraud cases.
- The chargeback timeframes followed when processing cases.
- How to use key tools and resources provide by FIS for managing the fraud and dispute resolution process.
- How to confidently answer basic questions from cardholders about fraud and dispute case processing.
This Webcast is strongly recommended for any credit union employee who is responsible for fulfilling your day to day responsibilities for cards that are lost or stolen or working with fraud and dispute cases. It will be delivered as a 90 minute Webcast via Microsoft LiveMeeting accompanied by a conference call. Simply choose from these available dates, complete the Registration Form and fax it directly to FIS at (727) 570-4871.
- Wednesday, February 11, 2009 – 2:00–3:30
- Thursday, February 26, 2009 – 11:00-12:30
- Wednesday, March 4, 2009 – 2:00-3:30
FIS will then send you a confirmation e-mail with the Webcast access information. These Webcasts are being provided FREE of charge by FIS exclusively for credit unions serviced by the Pennsylvania Credit Union Association. If you have any questions, please contact your Credit Union Service Representative.
|
|
| More Compromise Assistance Tools Available - Friday, January 23, 2009With the news of the “largest compromise ever”, Visa has made several tools available on their website to assist your credit union with managing this and other compromises. For your convenience, we’re making them available to you:
|
|
| 2009 Card Services Educational Calendar - Wednesday, January 14, 2009
|
|
|
|
|
 |
|
|