Credit card processor breach at Heartland affecting banks, customers

Banks forced to go through expensive process of notifying customers, reissuing cards


Feb. 6--Local banking institutions continue to deal with what might be the biggest financial security breach in U.S. history.

Thousands of debit cards are being canceled by banks as a safety precaution after last month's announcement that criminals had installed malicious software on the computer network of Heartland Payment Systems, the nation's sixth-largest payment processor.

Although Heartland is not sure how much data was affected, lists of potentially stolen card numbers are stilling being sent out. On Tuesday, Beacon Credit Union announced it had decided to cancel all 4,500 cards affected.

Security Federal Savings Bank received notification this week that 961 card numbers, on top of more than 200 others from last month, had been compromised.

"We've been receiving listings of card numbers that were reported as being in the transactions that were compromised," said Deb Bohm, electronic services officer at Security Federal.

Heartland processes some 100 million transactions a month for Visa, MasterCard, American Express and Discover cards used at 250,000 merchants nationwide.

Contacting customers about their cards being canceled has been a challenge. Bohm said the bank's staff was doing all it can to resolve an issue that did not originate locally.

"We've got everyone that can spare five minutes working on it so that we can try to keep the impact to our customers as minimal as possible," Bohm said.

Sometimes the bank canceled the cards before notifying customers in order to prevent accounts from being drained.

"We felt it was better to go ahead and block the cards since we knew that they had reported fraud," Bohm said.

Fraudulent activity had been reported on some accounts, but bank officials are unclear whether the activity was a direct result of the Heartland breach.

New cards have been ordered. They will take at least a week to arrive.

Not all banks decided to reissue cards. Some across the country have relied on fraud-detection software and the due diligence of their customers.

Sheila Wildermuth, senior VP and information security officer at Logansport Savings Bank, said her bank had been notified of the breach, but so far had experienced no specific issues related to it. She stressed the necessity of account holders at all banks to monitor their accounts.

"They need to check their account daily, instead of waiting for their monthly statement," Wildermuth said. "Be accountable for what goes on in your account."

With that approach, fraudulent activity could be spotted sooner rather than later.

Wildermuth explained that the cost of a mass-reissuance of cards mounted quickly. Each card costs about $3, and with postage and processing fees, the expense could exceed $5 a card.

The culprits have yet to be captured. In an apology letter posted on the Princeton, N.J.-based company's Web site, Heartland CEO Robert Carr vowed to find out how the breach happened in order to prevent future attacks. The company is working with the Secret Service and the U.S. Department of Justice.