April 17, 2012

Dear Card Services for Credit Unions® Credit Union CEO:

A lot was written in the press last week regarding FIS and information security and I would like to take a moment of your time to address this important topic from the Card Services for Credit Unions® perspective.  Card Services for Credit Unions® and FIS have been card processing partners since 1989 and have worked hard to earn the trust you place in both organizations.  Today, nearly 2,700 credit unions are Card Services for Credit Unions® members and utilize the card processing services of FIS.  I can assure you Card Services for Credit Unions® and its Board of Directors, as well as FIS take information security very seriously.  Last week, FIS senior executives met with the Card Services for Credit Unions® Board to discuss FIS’s information security initiatives. The meeting included FIS’s recently hired Chief Information Security Officer, Greg Schaffer, who previously held an executive level position with the U.S Department of Homeland Security.

One of the items written about last week was a reference to a publicly disclosed cyberattack that occurred in early 2011 on one of FIS’s prepaid platforms.  Within FIS, there are more than a dozen separate credit, debit, EFT, prepaid and core processing platforms utilized by Card Services for Credit Unions® member credit unions.  Neither FIS, nor Card Services for Credit Unions® is aware of any Card Services for Credit Unions® credit union that was impacted by the attack on the prepaid platform.  Following the attack, FIS self-reported the event and indicated they had taken all the appropriate steps necessary to secure the data.  In addition, FIS engaged third party forensic firms to conduct an extensive review which led to a series of recommendations which FIS has implemented.  There have been no further confirmed reports of losses related to that event. 
 
Because of the sensitivity of information security, Card Services for Credit Unions® can assist member credit unions to obtain access to FIS’s secure portal to obtain updates directly from FIS.  If you need assistance to gain access to the secure FIS portal, please contact Keith Nolan at keith.nolan@fisglobal.com.

Please be assured, the Card Services for Credit Unions® Board of Directors, which is made up of nine credit union CEO’s from across the country, consider information security a critical priority of the highest magnitude. As a credit union CEO, they, like you, want assurance their member’s data is secure and they bring that same level of concern as a Card Services for Credit Unions® Director representing your interest as a member of Card Services for Credit Unions®.  In addition, FIS senior management meets regularly with the Card Services for Credit Unions® Board.  In fact, Greg Schaffer will be addressing FIS’s information security initiatives at Card Services for Credit Unions®’s Annual Meeting April 26th and 27th.

We will continue to stay on top of this. We will be meeting with FIS on a regular and frequent basis and will keep you apprised of developments in FIS’s information security initiatives.