BankInfoSecurity.com - Information Security News, Regulations, & Education


Fraud Incidents Tied to Heartland Data Breach

Credit Unions Report Fraudulent Charges Against Members' Cards
February 5, 2009 - Linda McGlasson, Managing Editor

If your institution has been affected in the Heartland breach and you are not on this list, please send an email to editor@bankinfosecurity.com. Include your name, email, and a phone number where you may be contacted for verification.

The fraud against 16 credit cards of CU Community Credit Union members over one weekend last November puzzled the credit union's staff. The Springfield, MO-based credit union discovered nearly $11,000 in fraudulent charges against those cards.

At the time, the credit union didn't know what the fraud was related to, but staffers knew other financial institutions in the area were experiencing similar fraud, says Jenny Reynolds, vice president of marketing for the credit union. The credit cards were immediately blocked, and customers' accounts credited.

It wasn't until the credit union was contacted by its credit card company about the Heartland Payment Systems (HPY) data breach that the connection was made.

CU Community Credit Union is one of an unknown number of institutions that have been hit by the Heartland breach that was first made public on January 20.


HealthFirst Federal Credit Union in Waterville, ME, also had cards compromised in the breach. "This has been quite a ride for us," says Lynda Quirion, a credit union employee. "We've been involved in 'compromises' in the past, but certainly not to this extent."

HealthFirst was notified this week by its card services area that 261 of the credit union's member cards were compromised. However, Quirion explains that this wasn't when the card compromise first came to light. "On the morning of January 12, we got a call from a member who had money taken from her account by debit card and claimed the transactions were not hers," Quirion says. In all, there were about 130 members who had money debited from their accounts.

The credit union has cancelled all cards involved in the compromise and reissued new cards and PINs. "The cards were all VISA debit cards," Quirion says. The credit union did not receive notification of the compromise from VISA until this week. The credit union also had 38 MasterCard credit cards that were compromised. "A few of those experienced fraud on those cards, but that happened before January 12," Quirion says.

Heartland, the sixth-largest payments processor in the U.S., announced on Jan. 20 that its processing systems were breached in 2008, exposing an undetermined number of consumers to potential fraud.

Heartland has stated that each month last year it processed 100 million card transactions.







Has your institution been affected by the Heartland data breach?

"FI's impacted by the Heartland Breach, in my humble opinion, most likely will be in the hundreds if not thousands. (Not cards, actual institutions). We are a $275M bank and had 1,000 cards on the list. The issue is this: the FI's in this country -- banks and credit unions -- must come together and say, not on our time, not on our dime! The present system allows the merchant to avoid the brunt of the hit, and the two primary card issuers to avoid paying full compensation.

What to change in the system? It is very simple. Get states to put legislation with teeth in place that will make FI's whole, including labor costs for card reissues, fraud reimbursement, etc. I was told by a senior investigator that in many cases merchant security is more lax than a home computer. Shame on us as an industry. Card compromises raise our feathers for a few days, and then we roll over and take the beating. The time is now...let's send a signal to the compromised companies that it is on their dime, not ours!"

"We're a $250 million bank, and we had over 1400 debit cards and 100 credit cards affected. Of course, we're reissuing all, so our staff hasn't had the time yet to go back and tie any losses to this incident."

"We had 18 customers with fraud in December as a result of the compromised cards for a total bank loss of $20,000. When we asked our processor about restitution from Heartland, they laughed! But I assume Heartland had insurance, and certainly they are over their deductible, so shouldn't we expect to be covered for our losses?"

"Yes, we have been seeing an increase in the fraud lately, but were unable to tie it to any data breach until Heartland released all of the affected card numbers."