homepage logo

Compromised Bank Accounts Affecting Area Residents

By Staff | Jan 27, 2009

An incident being called the largest data breech of financial information in the United States is having a far-reaching effect, touching hundreds of Palo Alto County residents. Financial institutions in Palo Alto County, as well as around the United States, are notifying account holders with debit and credit cards about the possibility of those account numbers being stolen in the compromise of information.

Officials of Heartland Payment Systems of Princeton, NJ, announced last Wednesday, Jan. 21, that their computer system had been infiltrated with a software program that collected credit card and debit card account numbers during 2008. Heartland Payment Systems is a credit and debit card processing service that processes payments for over 250,000 businesses across the United States. Roughly 40 percent of the firm’s business comes from small to mid-sized restaurants across the country.

The data breech came to light when representatives of Master Card and VISA began contacting Heartland Payments, with reports of fraudulent activity. An investigation by forensic investigators and the United States Secret Service eventually discovered a piece of malicious software planted in Heartland’s payment processing system, which recorded account numbers as they were transmitted into the company’s computer system.

Once the data breech had been confirmed, Heartland Payment Systems notified the SHAZAM network, an electronic fund transfer company for the financial industry. SHAZAM in turn began notifying financial institutions around the country of the incident, and provided lists of the account numbers from each respective bank that had potentially been compromised.

Locally, the Iowa Trust and Savings Bank got word of the situation late Wednesday, according to President and CEO Kris Ausborn.

“Each time that we receive notice of a security issue, our first response is to immediately review the information and determine the appropriate course of action. Our first priority is the security of our customer information. While this breach was not the result of any action by Iowa Trust, we are the first line of defense to protecting our customer’s accounts.”

The Iowa Trust and Savings Bank was not the only local institution affected by the breach Officials of the Iowa State Bank in Ruthven, Laurens State Bank in Emmetsburg and Laurens, West Iowa Bank in West Bend and Farmers State Bank in West Bend and Whittemore also reported notification of possible compromised accounts along with Bank Plus in Graettinger and Estherville. Wells Fargo bank in Emmetsburg did not receive any notification of affected accounts, according to officials of the institution.

By latest count on Monday, Jan. 26, around 1,000 Palo Alto County residents had credit or debit cards whose account numbers may have been compromised. Customers who were positively identified as being compromised were being contacted individually by their banks.

According to Heartland Payment President Robert Baldwin, no account holder social security numbers, PIN numbers, addresses or telephone numbers were jeopardized in the data breech.

However, the data that was stolen would be enough to allow criminals to create a counterfeit debit or credit card. Such a fake card could be used in a face-to-face transaction at a business. However, such cards would not be viable for transactions over the internet or by phone, as the criminal would not have the special three-digit security number on the back of the legitimate debit or credit card.

For local banks, the problem is twofold: making sure that the local customer doesn’t lose any money and secondly, minimizing the inconvenience to the customer as much as possible.

“The Iowa Trust staff immediately began the process of cancelling the debit cards and notifying each customer included on the SHAZAM list that they may have had a transaction compromised by Heartland Payment Systems,” Kris Ausborn reported. “We also are informing our customers that new debit cards with a new account number will be reissued to them and will arrive in seven to 10 days.”

Other banks are following similar procedures, while some are merely advising their customers to exercise extra vigilance in monitoring their bank accounts to make sure that they can account for all transactions.

In checking with the financial institutions in Palo Alto County, one common denominator is that each bank is doing all that they can to protect and safeguard their customers’ accounts from unauthorized activity.

And, as always, customers are urged to never reveal any personal information such as social security number, address or personal identification numbers, (PIN) to anyone by phone or in response to emails. Legitimate banks have that information and do not need to contact you to verify it.