GRSB responds quickly to Target data breachPublished by Andy Sween on Tue, 2014-01-07 15:13
On the morning of December 23 the Grand Rapids State Bank Card Services department received a list they had been anxiously awaiting, and it wasn’t a Christmas list. The list contained the card numbers of GRSB customers that could have been compromised during the Target Corporation security breach from November 27 through December 15. The initial list contained more than 500 GRSB credit and debit cards. In the following days another 100+ card accounts were added.
A team of GRSB employees, led by Jeri Hanson, Card Services representative, began making the hundreds of phone calls it would take to contact all the affected account holders and inform them of this news. Understandably, some customers were frustrated at not being able to use their cards during the holidays, but most were grateful that potential fraud opportunity was nipped in the bud. “For our customer’s security and peace of mind, GRSB decided to close and reissue all credit and debit cards that appeared on the list,” said Hanson. “We understood this was an inconvenience for our cardholders, but it was also the best line of defense against fraud.” Once cards were closed and re-issued, new cards were generally delivered during the next seven to ten business days.
Many industry experts also believe that GRSB’s better safe-than-sorry approach was the right one. Adam Williams, chief information security officer at Diebold, thinks banks should always send out new cards to affected customers. "I'm a firm believer that when there's uncertainty you reissue," Williams says. His family had shopped at Target, and rather than wait for his bank to contact him, he immediately closed his credit card. "I would prefer to go a couple of days with an inconvenience than wait around and see."
Brian Riley, a senior research director for CEB Tower Group with more than 25 years of financial institution experience and an expert in the areas of bank card technology, agreed with Williams. "What consumers need to protect against is the surprise that happens when you're at dinner and you're paying with the one debit card in your pocket and finding there's a challenge," he says. "It's much better to be proactive than to wait for your card issuers. " said Riley.
This quick “all hands on deck” approach was not used by all banks however. According to a December 27th article in American Banker magazine, 42% of bankers polled said they would take a “wait and see” approach and would issue new cards only when they detected suspicious account activity in a customer's account. A smaller number, around 10%, said the expense, time and inconvenience of large-scale reissuance made it prohibitive. Approximately 48%, meanwhile, took GRSB’s approach and reissued cards because they felt it was the best way to protect affected accounts from fraud.
“It was a large expense for us, but it was the right thing to do for our customer’s financial safety,” said Hanson.