Banks urge cardholders to watch accounts after breach

Consumers getting notices from banks or credit unions about possible fraud on their credit cards should take an active, daily role in monitoring their accounts, area bank officials say. First reported on Jan. 19, East Coast credit card company Heartland Payment Systems said a vast number of U.S. credit cards may have been compromised during a security breach in 2008. The company handles card transactions for 250,000 businesses, and about 30 percent of those are restaurants, said Dave Bennett, publicity director for the Washington Credit Union League. The Seattle-based association represents 127 state credit unions. Some area banks and credit unions have already begun issuing new credit or debit cards. Max Faller, president of Coeur d’Alene-based Bank CDA, said about 50 cardholders of a total of 1,000 bank members have been identified to date. All their cards will be replaced, he said, noting, “We require that, as we feel that’s the most careful approach.” Other banks or credit unions are receiving updated lists of cards that possibly have been compromised. “Probably every bank and credit union in Washington will be affected by this breach,” said Bennett, noting that the Heartland exposure may become the largest security breach ever. Up to now the reported loss of up to 45 million card numbers by TJX Companies, in 2007, was the largest reported security breach. Heartland handles about 100 million card transactions a month and is the sixth largest card processor in the U.S. A spokesman said the company isn’t saying how many cards could have been at risk during 2008, when the breach occurred. The company said it closed the security hole in November 2008 but didn’t say when the security breach may have started. Bennett said Heartland is the recommended provider of card services for members of the Washington State Restaurant Association. Anyone who used a card at nearly any Washington restaurant during the breach period of 2008 is part of the security breach, Bennett said. Area institutions that have so far contacted Spokane and North Idaho cardholders include large and small credit unions and most area banks. Horizon Credit Union said it will replace 3,000 debit or credit cards. Much smaller Spokane Media Federal Credit Union has mailed two groups of notices. The first went to 330 card holders whose numbers might be compromised. This week the 1,200-member credit union sent out 30 more notices for numbers newly reported as possibly compromised. Spokane Media Credit Union is the only institution so far in the area that reports a member’s card was used in card fraud. Most of the reports of fraudulent activity related to the Heartland event are on the East Coast, according to media reports. Spokane Teachers Credit Union posted a note of warning for members on its Web site at www.stcu.org. Spokeswoman Keely Barrett said the 78,000-member credit union has not determined how many cards fall in the Heartland group. The credit union uses direct notices to its members if security software spots any suspicious card activity, Barrett said. The first line of defense, said Bennett of the credit union league, is active monitoring and quick reporting of any suspicious activity. In general, consumers are protected against credit card fraud; debit card fraud, while not carrying the same protection, is usually not held against a consumer, he said. Bennett urged cardholders to report suspicious card activity immediately to the bank or credit union as well as to law enforcement, including a state attorney general. Susan Horton, president and CEO of Spokane-based Wheatland Bank, said the Internet makes it easier for cardholders to monitor their accounts. “You no longer have to wait for your monthly statement. Going online daily lets you monitor that account very well,” Horton said. Wheatland has issued about 6,300 Visa credit or debit cards. Of those, about 300 customers have been notified they are in the potentially compromised group, Horton said. Bennett said he distrusts Heartland statements saying that the card breach won’t lead to identity theft on the belief that Social Security numbers and addresses were not exposed. “In this age of Google searches, finding data about any consumer is not difficult. Data thieves will go to great lengths to find out what else they might be able to get,” he said.