18 HќќѠіђџȱ юћјђџ Ѣћђȱ2014 23(5$7,216 7(&+12/2*< Financial institution professionals and their cardholders, as well ȱȱȱȱęȱ services organizations, are understandably on edge these days. ȱȬęȱȬȬȱ security breaches have revealed a pressing need to reevaluate card security. While the investigations into the breaches will likely sharpen defenses in the future, now is the ȱȱȱȱȱ¡ȱ¢ȱĴǯ The Threat Landscape Fraudsters have proved to be intelligent, coordinated, strategic ȱ¢ǯȱ ȱęȱ ¢ȱ Rights Clearinghouse calculates ȱǰȱȱęȱ institutions and retail outlets, have reported 1,571 breaches involving 470 ȱȱęȱȱ over the past nine years. ȱĴȱȱȱDzȱ they are the result of deliberate ěȱȱȬȱǯȱ ȱȱȱȱ last holiday season probably were launched much earlier in the year, with hackers compromising systems, exploring how much they could do without being detected, then waiting patiently for a convenient moment to exploit their plan. The risk of similar events will continue to challenge the ȱ¢ǰȱȱęȱ institutions can expect increased scrutiny of everything, ranging from the standards and practices of technology service providers and their core processors to the type of payment cards issued. Third-party risks were already in the crosshairs of regulators prior ȱȱǰȱ ȱȱ Ĝȱȱ the Comptroller of the Currency issuing updated guidance for banks to shore up defenses by improving their vendor management programs. ȱȱȱ ȱȱ Șȱ standard has been boosted by the breaches. Time for Planning A fraud incident response plan is an essential tool that can provide structure and rational thinking during the stress and anxiety that accompany these types of events. ¢ȱęȱȱȱȱ not have a formalized plan in place should consider developing one as part of its risk management process. During the chaotic and emotional response to recent holiday breaches, it was easy to distinguish between ȱęȱȱȱȱȱ plan in place — and had rehearsed these situations — from those that did not. A plan takes into account the trying conditions that accompany a fraud incident, and ȱȱęȱȱ with a framework for making critical business decisions. ȱ ȱȱȱȱȱ incident response plan include: % ęȱȱȬȱ activity to aid in the rule strategy development process; % Contact information for all process participants, including internal and external departments, vendors, decision-makers, approvers, etc. Planning Now Can Limit Future Data Breach Losses яќѢѡȱѡѕђȱ Ѣѡѕќџ Eric Lillard is vice president of fraud and operations for PULSE, a Discover Financial Services company headquartered in Houston. He joined the company in 2010 and is accountable for delivering fraud miti- ȱȱȱȱȱȱ ȱ ® ȱǯȱ ¢ȱ ȱ ȱȱ - ȱ ȱȱŗŗȱ¢ȱȱȱ ¢ȱ ǯǰȱȱ information security consultancy. He earned a bachelor’s degree from Southern Illinois University and is ȱȱȂȱȱȱ ȱ ȱ ¢ǯȱ ȱȱȱ ȱȱȱŞřŘȬŘŗŚȬŖŗŘŜǰȱDZȱȓ ǯǯȱ ȱȱ an associate member of the Indiana Bankers Association.
RkJQdWJsaXNoZXIy MTg3NDExNQ==