Breach prompts move by card issuers

Many Capital Region residents will soon have to begin the tedious task of establishing new direct-pa

Many Capital Region residents will soon have to begin the tedious task of establishing new direct-payment accounts for everything from phone services to gym memberships as area banks and credit unions respond with a heavy hand to the security breach at Hannaford supermarkets.

Attempting to shield consumers from the theft of personal credit and debit card numbers at Hannaford, some area financial institutions have resorted to their standard practice of issuing new cards to affected cardholders.

“We’re taking proactive steps to ensure our members’ accounts are safe and secure,” said a spokesman for SEFCU, the region’s largest credit union.

At SEFCU, that means 30,000 new credit and debit cards will go out to members over the following three weeks. That is twice the number of cards SEFCU reissued last year when hackers stole customer information from TJX Companies, the Framingham, Mass., parent of the T.J. Maxx and Marshalls chains.

SEFCU’s Hannaford-sparked reissuance dwarfs the 5,000 cards the Albany credit union sent out after a similar breach at BJ’s Wholesale Club in 2004, according to spokesman John DeCelle.

He said the cost to the credit union would be limited to the price of plastic and postage, though he did not have an estimate of the total.

TrustCo Bank is reissuing 13,000 cards — more than three times the 4,000 cards it sent out after the TJX breach, said Kevin Timmons, the vice president and treasurer of the Glenville bank.

First New York Federal Credit Union is another financial institution that responds to retailer security breaches with blanket card reissuances. A quarter of First New York’s card base was affected by the breach, said Walter Everhardt, marketing director for Colonie credit union.

“We’re trying to err on the side of caution,” said Everhardt.

The higher volume of reissued cards suggests the Hannaford breach is having a greater impact in the region, even though over 10 times more accounts were compromised in the TJX breach.

The TJX incident occurred when hackers broke into a company database. In a new tactic, thieves obtained credit and debit card numbers and expiration dates from Hannaford as customers paid for their groceries at checkout counters.

The banks and credit unions are only replacing cards customers used at Hannaford and other affected stores during the period of the breach, which lasted from Dec. 7 to March 10. So far, 1,800 incidents of fraud connected to the breach have been reported.

The Scarborough, Maine-based Hannaford Bros. has 164 Northeast supermarkets under its flagship brand and 106 Sweetbay stores in Florida.

“We have not had a single customer have a loss due to this. We are doing this proactively,” said Timmons at TrustCo.

TD Banknorth has identified instances of fraud related to the Hannaford breach, but it is not reissuing cards on a mass scale, said Jennifer Carlson, a public affairs officer for the Portland, Maine-based bank.

Twenty percent of 1st National Bank of Scotia’s card base was affected by the breach, but it is not reissuing cards on a mass scale. The Scotia bank believes its security systems will be able to monitor and control the problem, said 1st National President John Buhrmaster.

“To cut off everyone’s cards … causes great inconveniences for customers,” said Buhrmaster.

Even without a recall, responding to the breach will cost the bank thousands of dollars, he said.

KeyBank credit and debit cardholders accounted for 2 percent of the 4.2 million accounts compromised at Hannaford. Lynne Woodman, a spokeswoman for the Cleveland-based bank, did not know whether any compromised KeyBank debit cards had been used fraudulently.

“We were, frankly, a small fry in the breach. But clearly, if your card was affected, then you don’t think this is a small fry,” Woodman said.

KeyBank’s branded credit cards are issued by CitiGroup in New York. Citi spokesman Sam Wang said in an e-mail that the credit card issuer will notify and issue new cards “to some customers whom we believe may be subject to increased risk.”

Wang would not say how many cards were affected by the Hannaford breach.

Categories: Schenectady County

Leave a Reply