Home > Financial Services Information Security News > Credit unions, banks replace credit cards after Heartland breach
Financial Services Information Security News:
EMAIL THIS

Credit unions, banks replace credit cards after Heartland breach

By Marcia Savage, Features Editor, Information Security magazine
28 Jan 2009 | SearchFinancialSecurity.com

Enterprise IT news roundup
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Scores of credit unions and banks are notifying customers and issuing new credit cards in the wake of the Heartland Payment Systems Inc. breach.
SearchFinancialSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The Princeton, N.J.-based payment processor announced Jan. 20 that its system was breached last year when intruders installed malware that snatched data crossing the company's network. Heartland hasn't disclosed the number of credit cards affected, but notifications from many financial institutions across the country indicate the potentially massive scale of the breach.

State Employees' Credit Union in North Carolina said more than 60,000 of its members were affected by the Heartland breach. To protect its members, the credit union reissued new credit card numbers and personal identification numbers for members that were possibly compromised.
Heartland data security breach:
First lawsuit filed in Heartland data security breach: A class action lawsuit was filed against Heartland claiming that the payment processor issued belated and inaccurate statements when it announced a security breach of its systems.

Payments processor discloses massive data breach Company says an intrusion of its processing system may be part of a broader fraud operation.

Data breach study ties fraud losses to Hannaford, TJX breaches: Experts say breach costs are far reaching and could lead banks and merchants to find alternative payment methods.

"We're taking the most costly but the most conservative approach," said Leigh Brady, senior vice president of education services at SECU.

Leanne Phelps, senior vice president of SECU's Card and Record Services department said in a statement released Sunday, "The breach at HPS has probably affected every financial institution in the country; while not all institutions will reissue cards and PINs, SECU feels it can best protect its members with this action."

Industry observers have said the Heartland breach could be larger than the TJX data security breach, in which 45.7 million credit and debit cards were stolen. Heartland serves more than 250,000 businesses and handles more than 4 billion transactions per year.

"Although the exact number of affected cards is not known, it is expected to be many millions," Chuck Cashman, plastic card insurance product executive at CUNA Mutual Group, a Madison, Wis.-based provider of financial services to credit unions, said in a prepared statement last week.

About 4,000 Washington State Employees Credit Union members were affected by the Heartland breach, said spokeswoman Ann Flannigan. The credit union is processing a complete reissue of affected debit and credit cards.

"We go to great lengths to protect our membership and it is standard for us to reissue cards automatically when we get notification of something like this. It's costly -- both in terms of dollars and personnel time -- but it's the right thing to do on our members' behalf and one of those things we think distinguishes WSECU from other institutions," Flannigan wrote in an email. "It's not acceptable for us to wait and see if something happens. We're proactive."

In a notice on its website, Notre Dame Federal Credit Union said it had blocked a few more than 2,000 cards that were reported as compromised in the Heartland breach.

"The decision to block the affected cards was made for the cardholder's protection, as well as for that of the credit union," the organization said. While the credit union said it hasn't discovered any fraud on its members' accounts, it added, "the threat of fraud is very real, and therefore, all exposed cards were blocked, and new cards have been issued for affected members."

The Association of Vermont Credit Unions said the Heartland breach affected 6,000 cards at credit unions on its ATM/debit card program, as well as thousands more at other Vermont credit unions.

The association said its processor, Fifth/Third Processing Solutions, informed it of the breach Jan. 9 as details were unfolding, prompting it to begin working with its credit unions, its processor and MasterCard to deactivate and reissue compromised cards.

Other financial institutions affected by the Heartland intrusion include:

  • TD Bank and TD Banknorth said some customers were affected. The organization is monitoring cards for suspicious activity but said it doesn't have plans to reissue credit or debit cards, citing the strength of its fraud detection software.
  • PeoplesChoice Credit Union in Maine said some members were affected and will receive new cards. Most of its members will be unaffected, the organization said.
  • Wright-Patt Credit Union in Ohio said it was reissuing credit and debit cards to members whose cards were affected by the breach.
  • Heartland said the breach did not affect merchant data, cardholder Social Security numbers, unencrypted personal identification, addresses or phone numbers.

    On Tuesday, a Pa.-based law firm filed a class-action lawsuit against Heartland, claiming the company issued belated and inaccurate statements when it announced its systems were hacked.

    Tags: Debit and credit card fraud preventionBusiness partner and vendor security issuesData breaches and prevention strategiesRisk assessment and management in financial institutionsVIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



    RELATED CONTENT
    Debit and credit card fraud prevention
    Bank Trojan used against German accounts evades antifraud systems
    California man sentenced in online brokerage scam
    Identity Theft Assistance Center marks five years of helping victims
    Fighting fraud: Understanding technology and threats
    Defendants in banking fraud scheme accused of exploiting regulation
    Credit union launches online banking suite with strong authentication
    Winning the war: Personal information protection
    ATM malware used in Russia lets attackers control machines
    When security outweighs common sense
    Diebold ATMs in Russia targeted with malware

    Business partner and vendor security issues
    Don't forget the cleaning crew in your vendor management program
    Vendor contract management: Regulatory guidance is risk-based
    Vendor audit and monitoring contractual rights
    Data breach protection: Implementing vendor breach safeguards
    How to manage security risks in vendor contracts
    Vendor risk management: process and documentation
    Download presentations from Financial Information Security Decisions 2009
    Advocacy group looks to foster trust in foreign service providers
    Shared Assessments aims to ease third-party security evaluations
    Security questions to ask SaaS vendors when outsourcing services

    Data breaches and prevention strategies
    Bank computer technician indicted in identity theft scheme
    Survey: Consumers don't trust banks to keep their data secure
    ChoicePoint settles with FTC over second data security breach
    Data breach lawsuit puts spotlight on bank's security measures
    Google ordered to deactivate Gmail account after bank email error
    Threat of insider fraud growing with bad economy
    Data breach protection: Implementing vendor breach safeguards
    Zeus Trojan hitting banking customers hard
    TJX settles with banks for $525,000
    RBS WorldPay agrees to market VeriFone end-to-end encryption

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    card verification value  (SearchFinancialSecurity.com)
    PAN truncation  (SearchFinancialSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    • Financial Security News Topics: Compliance, Management Strategy, Security Technology
    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts