Elizabeth Newman oversees card security at $1 billion Credit Union of Texas, and every month she prepares a written report for the board of directors on the credit union’s card portfolio, including the number of fraud attempts; the number of fraud claims, including the overall dollar amount in question; the amount collected; and what is being done to safeguard cards.

Annually, Newman, who oversees the CU’s card security program, also provides the board with overall information on the card security provisions the CU is taking, as well as on the plastic card coverage the CU carries through CUNA Mutual Group. The CU’s card security provisions include card activation (cards are sent out in an inactive mode and members have to call and verify their identity to activate the card); neural networks monitoring actively for fraud; and daily ATM and debit spending limits to keep a thief from getting too much in one day.

“The board has to stay on top of card security,” says CUES Director member Ada Williams, chairman of the board for the Dallas-based CU. “Our board is secure in what we know is going on in that area. We have to be careful to separate what the board does and the staff does. We can’t interfere, but we can ask for management to explain things.”

The ongoing discussion with the board about card security has helped Newman when tough decisions have to be made, such as blocking specific groups of card transactions to protect members against fraud.

Newman explains that those blockings have included certain international country codes, such as when mass fraud attempts were being made from Turkey. The credit union also had to block all Internet transactions for a short time because of mass fraud attempts.

“You don’t want to inconvenience your card holder, but fraud inconveniences them with paperwork. We’re not scared to make those decisions to block certain groups of transactions. We have safeguards in place to curtail fraud, and those safeguards help the board understand why hard decisions, such as to block transactions, are made,” says Newman.

Chuck Cashman suggests that boards also be shown their CU’s rating on CUNA Mutual’s Plastic Card Online Risk Assessment tool, free to CUs that have a bond policy (which covers internal fraud) with the Madison, Wis.-based CUES Supplier member.

According to Cashman, director of CU protection product management at CUNA Mutual, the 24-question assessment probes such things as “Does your fraud management system have the authority to block suspicious accounts (24x7x365) if they are unable to contact the member?” and “Do you review declined expiration date reports?” and “How often do you review declined expiration date reports?” (A declined expiration date report details card transactions that were declined because either someone was trying to use an expired card or a criminal is trying to figure out the expiration date that would match a stolen card number.)

Based on the answers given, the tool rates the fraud protection level of the CU’s card program as good, fair or cautionary. The recommendations the tool provides should be given to the board as well, says Cashman.

He also recommends that the board know about the fraud prevention tools the credit union does and does not use and the reasons why. He suggests that some tools may simply be too expensive, especially for smaller credit unions. Smaller credit unions, however, may have fraud prevention options through their card processors.

“It is important to create awareness to understand risks involved in a credit card program,” he says. “Someone needs to take the initiative to review updates and keep the board updated.”