Even if you haven’t had fraud on your personal card from one of the many merchant data breaches, you’re still being affected. Whether it’s Target, Home Depot, Sally Beauty Supply (twice), or a merchant transaction processor we’ve never heard of, card issuers like Metro must enact security measures that, unfortunately, affect our members.
Recently, fraud losses at ATMs were so high that we had to temporarily decrease the maximum withdrawal limit per day. Other breaches have forced us to decrease daily spending limits, and these merchant data breaches have become so common that spending limits for out-of-area transactions are always lower.
If you’ve shopped at a data breached merchant, and who hasn’t shopped at Target or Home Depot, you’ve likely had to deal with one or more card reissues. While we always try to reissue your new card before your old, breached card is blocked, it is still a hassle, especially if you use your card for recurring bills or purchases.
How to avoid inconvenience and protect yourself
Despite the hundreds of thousands of dollars in fraud and costs Metro has experienced from merchant data breaches, there is little we can do to force merchants to better protect card payment information. However, there are things you can do to both avoid inconvenience and better protect yourself.
1. Let us know when you’re traveling
Because stolen card numbers are frequently used in places you never travel to, spending limits and fraud recognition thresholds are lower for transactions out of area. If you plan to travel, let us know in advance and we can ensure your card works properly away from home.
2. Beware of Phishing Scams
Criminals frequently try to exploit merchant data compromises by posing as a financial institution to get more information. You might get a text or email or even a phone call from a criminal posing as your card issuer.
This can be confusing because often during a fraud event, the real card issuer (Metro CU) could be contacting you to verify recent card activity. The key is to never provide card information, account information, PINs, or passwords to someone initiating contact with you. Only verify information that they are providing you. If after speaking with someone, you still have a question, or are suspicious as to the nature of the call, simply call Metro at a published phone number.
3. Check Your Statement
While some criminals attempt to clean out accounts or max out cards right away, others perform smaller fraudulent transactions over time. Look at your account on a regular basis and report unusual activity immediately.
4. Contact Lawmakers
Contact your Senator or Congressman, and ask them to support S. 961 in the Senate or H.R. 2205 in the House. Both bills would require merchants and merchant processors to take steps to better protect the card information you provide when you shop with them. Based on the frequency with which these data breaches are occurring, public opinion alone isn’t going to get merchants to shore up their data.
Metro to introduce EMV “Chip” Cards
In an effort to curb some of the fraud that occurs today, Metro will soon be introducing EMV Chip Debit and Credit cards. EMV stands for Europay, MasterCard and VISA. What this means to you, is that your new Metro Credit or Debit card will have a small computer chip embedded in the plastic. The chip creates a unique, one-time transaction code each time your card is used. So, even if criminals successfully hack into merchant data bases or skim a card at the merchant terminal, they will not have the necessary one-time Chip code to profit from future fraudulent transactions. Most financial institutions are reissuing Debit and Credit Cards this year. Metro is scheduled to reissue both in August.
This 2015 system-wide reissue is one of the reasons so much fraud is occurring right now. Criminals are trying to use as many already stolen card numbers as possible. The hackers are even offering “sale prices” for stolen card numbers online. Metro cardholders have been part of three material merchant breaches already this year. However, once the EMV reissue occurs, all of those stolen card numbers will be useless. In the meantime, we expect more breaches.
Service to Members Remains Our Priority
As a member owned institution, our responsibility is to serve you. That means we’ll do whatever is possible to keep your card(s) working and your funds safe. Unfortunately, the reality is that we are likely to see future card breaches. We will do everything possible to minimize the inconvenience to cardholders.
We understand how important having the convenience of Credit and Debit cards is, and we will work to keep them functioning, convenient and safe.