By Marcy Stamper
Local banks have been notifying customers and issuing new cards to anyone whose debit cards may have been compromised in a widespread hacking into the systems of card processors in the fall and winter of 2013.
Depending on the timing of the notification and level of risk reported by fraud investigators, some debit cards were immediately put on hold to protect the consumer and the bank, according to Scott Anderson, president of North Cascades Bank. Putting the cards on hold protected the customers and alerted them to call the bank, he said.
This meant some people were surprised to find that they could not use their card to make a purchase, despite having money in their account.
“Unfortunately this could create an inconvenience, to make sure that bad guys are not using their cards,” said Anderson.
In all cases where the banks were notified of a potential risk, the bank has issued a new card and personal-identification number (PIN), which will take about two weeks to arrive, from the date of the bank’s request, said Anderson. “Darn near every consumer in the U.S. is getting a new card, so it’s taking a couple of weeks to get new plastics,” he said.
On Jan. 16, North Cascades Bank notified about 600 customers in North Central Washington whose debit-card information may have been accessed in the data breach, which primarily affected people using cards in November and December at Target and URM Stores, a group of grocery stores throughout the Northwest. Hank’s Harvest Foods in Twisp is a member of the URM group.
As soon as they found out there was a possible problem with the URM processing system for credit and debit cards, Hank’s switched to a hand-held system that was not vulnerable, said Hank Konrad, owner of the Twisp market.
Konrad said his store, like 99 percent of URM’s 380 stores, never had a problem, but that they wanted to be sure to protect customers’ information. “It slowed things down, but customers were very understanding,” he said. “We haven’t personally been breached, but we want to keep it that way.”
The information that might have been collected by hackers varies. It could include names, addresses, PINs, or a combination, said Anderson. There is no indication that Social Security numbers were involved, according to a Target fact sheet.
Banks have been notifying customers in stages because investigators keep finding more account numbers, said Anderson. North Cascades Bank customers can continue to use their debit cards until they receive a replacement or can elect to have the card blocked, said Anderson.
Anderson did not have a breakdown of the number of customers affected at North Cascades Bank branches, but said 10 percent of their customer accounts were involved.
At Farmers State Bank in Winthrop, only a handful of accounts have been affected and the bank immediately notified the customers and issued new cards, said president Edward Adams. Adams said they will remain on the lookout because hackers often wait to sell the stolen information.
The data breach has been widespread, affecting up to 70 million Target customers across the country, according to Target. Target closed the access point used by the hackers when they discovered the breach on Dec. 15. While not all customers were affected, Target advises people who shopped at their stores between Nov. 27 and Dec. 15 to be on the alert for suspicious charges.
URM was informed at the end of October about fraudulent charges and launched an investigation, but did not find signs of an attack until later in the fall. The company initiated an alternate and safe processing system as of Dec. 2.
URM said they believe the attack targeted data encoded in the magnetic stripe on the back of a card. The stolen information is typically used to make counterfeit cards, which may take some time to surface, meaning people should watch for suspicious activity into the future. This information is generally not used in identity theft, according to URM.
Bank and credit card customers are typically not held responsible for fraudulent charges, but should notify the financial institution promptly of any suspicious activity to ensure they are protected, according to URM.
People are also advised to be wary of scam telephone calls or emails that appear to offer protection in conjunction with the data breach.
North Cascades Bank: 997-2411
Farmers State Bank: 996-2243
URM Stores call center: (877) 237-7408
People can request a free annual credit report by calling (877) 322-8228 or visiting www.annualcreditreport.com.