On Sept. 8, 2014, Home Depot confirmed in a press release that its payment data systems have been breached, potentially affecting its nearly 2,200 U.S. and Canadian stores. Home Depot’s investigation is focusing on a timeframe from April 2014 forward.
According to Home Depot, the at-risk information includes full track data. PIN block data is NOT believed to be at risk at this time, nor is any information from its e-commerce site.
Visa began distributing at-risk accounts to issuers based on preliminary information provided by Home Depot as early as Sept. 9.
The criminals apparently had enough information to get some banks to reset customers’ PINs. Banks are reporting that thieves were able to change the PINs on the cards using the banks’ automated IVR systems. Issuers have reported PIN debit fraud at ATMs in Canada. Additionally, some consumers have reported receiving spam emails phishing for personal financial data in conjunction with the breach.
In a public statement, ICBA said that the costs of reissuing cards should ultimately be borne by the party that experiences the breach.
ICBA Recommends the Following to Community Banks and Customers:
*When a community bank is contacted for a PIN reset or change request, implement a stronger authentication process by requiring the cardholder to accurately supply all necessary information before processing the request. Consider asking for the last financial transaction the customer conducted and/or the name, if any, of a joint customer on the account.
*Consider instituting a “call back customers” process for PIN change and PIN reset requests, to ensure such requests are valid.
*Advise customers to review account activity frequently—either online or over the phone—and immediately report any suspicious card activity back to the bank.
*Consider putting a section on your bank’s website with suggestions on ways that customers can protect themselves against a breach. Updating customers on the status of any current breaches could also be placed here. Providing information in an easily accessible location helps your customers find the appropriate information quickly, reducing confusion and phone calls to the bank.
As scheduled, the unlimited insurance coverage for noninterest-bearing transaction accounts provided under the Dodd-Frank Wall Street Reform and Consumer Protection Act expired on December 31, 2012. Deposits held in noninterest-bearing transaction account are now aggregated with any interest-bearing deposits the owner may hold in the same ownership category, and the combined total insured up to at least $250,000.
Attempts to defraud are on the rise. First Neighborhood Bank will not ask for personal information through email or by phone. if you have any questions about whether a call or email is valid, please call one of our offices immediately.
Paper savings bonds will no longer be sold at financial institutions after December 31, 2011. But they’re not going away — electronic savings bonds can be purchased online through TreasuryDirect. Read more...