Banks react decisively to Target data breach
Several financial institutions serving central Ohio are contacting their debit- and credit-card customers who have been affected by the major information breach that recently struck Target.
Most of the banks are monitoring customer accounts for fraudulent activity and telling customers to do the same. However, some banks also are limiting per-day purchases and ATM withdrawals with the cards, or simply reissuing the cards to prevent future fraud.
Meanwhile, the nation's second-largest discount retailer is facing almost two dozen customer lawsuits after hackers attacked its computers and stole data from as many as 40 million debit and credit cards used at Target stores from Nov. 27 through Dec. 15.
"We're in touch with our clients via email, social media, our call centers and our branches" to provide them with information about how the breach could affect them, said KeyBank spokeswoman Drez Jennings.
Like most financial institutions, KeyBank also is offering information about the breach on its website.
Local customers have been receiving phone calls and emails from banks and credit unions this week, telling them that their names, debit- or credit-card numbers, expiration dates and three-digit security codes may have been exposed, said Emily Smith, spokeswoman for JPMorgan Chase & Co.
Bank customers typically are not liable for losses because of fraudulent activity on their credit and debit cards, but debit cards pose a greater risk because they act like main lines to customer bank accounts and lack the consumer protections afforded by credit cards.
Last week, some banks were concerned that customers' personal identification numbers for bank accounts also had been compromised.
But, "At this time, we do not believe that PINs were compromised as part of the security breach at Target," said Fred Solomon, senior vice president of communications for PNC Bank, in an email. " If the situation changes, we may consider reissuing cards or lower card limits, but we currently believe that would inconvenience many more customers than it would help."
Columbus-based Huntington Bancshares, as well as Chase, are taking the most drastic action: replacing debit and prepaid cards affected by the breach.
"We are replacing all cards identified at ... possible risk," said Huntington spokesman Brent Wilder in an email. "Replacement cards are in the process of being distributed by mail. This process is on schedule for completion by early January."
Wilder could not say yesterday how many cards would be replaced.
On Dec. 21, Chase temporarily limited 2 million customers to ATM withdrawals of $100 per day and purchases of $300 per day with their debit and prepaid cards, called Chase Liquid cards, spokeswoman Smith said.
"Late in the day, we limited withdrawals at ATMs in the United States to $250 per day and purchases to a total of $1,000 a day," Smith said. "We will continue to monitor the accounts and may make adjustments as appropriate."
Meanwhile, PNC Bank has tightened its fraud monitoring and is urging customers "to monitor their own accounts and to be suspicious of e-mails and telephone calls asking for personal information or asking to validate card information," said spokesman Fred Solomon in an email. Banks such as PNC " will never call you to ask for your Social Security number or PIN," Solomon said.
Customers need not cancel their cards "unless we alert them to suspicious card activity, or they themselves see unauthorized charges to their accounts," he said. "PNC has refunded the accounts of customers who have seen questionable charges, in most cases immediately, while we investigate."
Kemba Financial Credit Union in Gahanna reported on its website yesterday that some central Ohio Walmart and Meijer customers also had reported fraudulent credit- or debit-card activity.
Frank Guglielmi, director of public relations for Meijer, the Michigan-based grocery store chain, said there has been no breach of credit- or debit-card information at his company's stores.
However, customers who used Meijer-brand credit or prepaid cards, which are issued by GE Capital Retail Bank, at Target during the period of compromise may have been affected by the breach, Guglielmi said.
Information from Bloomberg News was included in this story.
©2013 The Columbus Dispatch (Columbus, Ohio)
Visit The Columbus Dispatch (Columbus, Ohio) at www.dispatch.com
Distributed by MCT Information Services