Major media outlets have big retail data breaches in their crosshairs. While consumer-centric stories featuring millions of lost or stolen records make for good headlines, the collateral damage from a large-scale data breach can be devastating to smaller companies. Credit unions face a particularly disproportionate amount of risk exposure due to the nature of their business. In addition, the relative financial strain placed on credit unions when a major breach occurs is larger than similarly sized for-profit companies.
Examining the costs starts with understanding how a data breach immediately affects credit unions.
Replacement card costs
When credit and debit card numbers are lost or stolen, replacements must be immediately issued. According to a recent article linking the Home Depot data breach to over $1 million in direct costs to a regional credit union, card replacement cost is cited at about $8 per card when all expenses are included. That’s a tough pill to swallow when the credit union carried no responsibility for the original data breach.
After a data breach occurs, credit card numbers and identities are often sold on the global black market. In fact, the Home Depot breach led to the sale of more than 282,000 credit and debit card numbers on the black market – and that number is just the report on numbers stolen from stores in Wisconsin. When members report stolen credit or debit card activities, credit unions must foot the bill while seeking reimbursement from retailers or businesses. That carrying cost can be immense and could potentially never be recouped.
Regardless of how members’ identities were stolen, the credit union’s name is often dragged into the media associated with the data breach. The negative press and the associations that come along with it can rub off on consumers, negatively impacting brand value. If the credit union isn’t quick to release information on the breach, that negative halo can linger, potentially driving away customers and creating bad word of mouth.
Credit unions need a plan
Credit unions can be proactive about their position by taking on a policy of proactive communication with members and by implementing secure practices that help ensure a data breach never comes from within. That means implementing a system that allows for secure enterprise file-sharing and collaboration that doesn’t slow down day-to-day operations and communicating important policies to employees and members alike. By getting ahead of the game, credit unions can soften the inevitable blow to the brand caused by an outside data breach, helping to retain members longer and shift the conversation from negative to positive.