Local banks working to resolve issues with compromised credit and debit cards
Area banks are working to resolve the problems created for customers by a recent and possibly ongoing compromise of credit and debit cards.
Lori Galor, Vice President of Information Systems at First State Bank Shannon/Polo/Lake Carroll, said Tuesday that all affected customers have been contacted.
Some have been "hot-carded", meaning their cards have been cancelled, while others have had their daily spending limits lowered, she said.
"Hot-carded" customers were to be issued new cards, she said.
They will also be reimbursed for puchases made illegally with the cards, Galor said.
"Card holders are not liable for losses in these cases," Galor said.
Galor, who works at the Polo branch of the bank, said 300 customers have been affected at all three of the bank's branches.
Their card processor Shazam has been regularly supplying the bank with a list of customers whose cards have been compromised.
Galor said the number of comprised cards being reported has slowed down in recent days, but she can't say if the compromise has been halted.
"It's settled down on what we're seeing on a daily list," she said. "But I can't say we won't get another list this week with 150 customers on it."
Becky Johnson, senior vice president at Forreston State Bank, agreed.
"Fortunately very, very few of our customers have been affected but that doesn't mean it's over yet," she said.
The cards compromised have been used in several states and even overseas, Galor said.
Customers at several area banks have been affected, and bank officials have been dealing with the issue for the past three weeks.
Cathy Cox,Vice President of Marketing & Information Systems at First National Bank, said Monday that their affected customers are also receiving new cards.
Stillman Bank, Community Bank of Oregon, and First National Bank (FNB) in Oregon and Rochelle, also issued online warning statements on their websites.
Others affected include Midland States Bank, Union Savings Bank, and Sterling Federal Bank.
German American State Bank President Jeff Sterling refused to comment Tuesday on the compromise.
"We would not comment on our customers' privacy," he said.
Federal authorities are investigating the fraud but the authority actually conducting the investigation has not been announced.
Joan Hyde, media coordinator for the FBI's chicago office, said Tuesday that it is not their case.
"The Secret Service may be handling it," she said.
Calls to the U.S. Secret Service's Chicago office were not returned Tuesday.
The merchant or merchants where the compromise took place has not yet been revealed because the investigation is ongoing.
Galor said the perpetrators access the retailer's computer system where credit and debit card data is stored and then are able to make new plastic cards, using that data, nearly anywhere.
The data is in the magnetic strip on the bottom of the card, she said.
Johnson said daily spending limits set on cards are aimed at preventing losses due to fraud.
"Limits are set on daily expenditures which reduces the risk," she said.
Card processors have fraud departments which monitor customers' expenditures and red flag anything out of the ordinary, Johnson said.
The card processor's fraud department will notify the bank and the customer when an unusual purchase occurs, she said.
Johnson urged customers not to ignore such calls and to make sure they supply their banks with up-to-date daytime phone numbers.
She cautioned residents that legitimate fraud departments will not ask for sensitive information such as a social security number.
This compromise may be similar to one at Schnuck's early this year.
In the spring, St. Louis-based grocery chain Schnucks revealed that 2.4 million credit and debit cards of its customers may have been compromised at its stores over 4 months beginning late last year. Twenty-three Illinois stores were affected.
It took a couple of weeks for Schnucks to inform customers after it found out about the problem. Some customers complained about the delay.
Under Illinois law, collectors of personal data are required by law to inform their customers of a breach.
But they can delay doing so if a law enforcement agency determines that a notification will interfere with a criminal investigation.
However, they must notify their customers as soon as they're given clearance.