By LESLIE COLLINS
January 1, 2014
Central Bank of Kansas City has already received multiple phone calls from customers concerned about the Target debit and credit card breach.
“They’re worried about it,” Central Bank of Kansas City Senior Vice President Lori Dorr said of customers. “We say the same thing to everybody: You need to review your statements.”
According to Target, the unauthorized access to the credit and debit card data occurred in U.S. stores between Nov. 27 and Dec. 15. About 40 million accounts were affected. Stolen data included customer names, debit and credit card numbers, card expiration dates and CVV information encoded on the magnetic strip. On Dec. 27, Target confirmed that encrypted PIN data was also stolen.
“We remain confident that PIN numbers are safe and secure,” Target said in a press release. “The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems… the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.”
Dorr said customers should be vigilant about checking their debit and credit card accounts for fraudulent charges. Once a customer receives a bank statement, he or she has 60 days to notify the bank of fraudulent charges, Dorr said.
Asked if Central Bank plans to reissue cards for customers affected by the breach, Dorr said the bank is currently in the decision making process and trying to determine how many customers were affected.
“It’s (data breach) so big that it’s taking banks a lot longer to make decisions on how they’re going to handle this breach,” she said.
Reissuing cards also costs banks money, she said, and individual banks will need to determine whether reissuing cards to affected customers is the right decision. Currently, no Central Bank customers have reported fraudulent charges related to the Target breach, she said.
If a customer notices a fraudulent charge he or she should notify his or her financial institution immediately. Once the bank is notified, the card will be deactivated and a new card will be issued. Refunds on fraudulent charges can take up to 10 days, she said, to allow the financial institution to investigate and determine if fraud took place. In the case of the Target breach, however, customers will receive refunds sooner since it’s a known breach, she said.
In addition to frequently monitoring their bank accounts, customers must also be aware of individuals who may try take advantage of the Target breach by posing as Target or bank representatives.
“Consumers should be wary when anyone asks for their personal information via telephone or email, as the person on the other end of the line may be trying to steal the consumer’s identity,” Missouri Attorney General Chris Koster said in a press release.
“No bank is going to call and ask for personal information. We’ve got all that information,” Dorr said. “Nobody should be answering any questions like that over the phone.”
Private information shouldn’t be sent out via email, either, she said.
Asked what precautions credit and debit card holders can take in the future, Dorr said, “I don’t think there really is a way for a consumer to protect themselves from something like this happening. This (Target breach) is at no fault of any consumer. It’s the fault of the merchant who didn’t do what they should do for security of the information. The only thing a person like you and me can do is to make sure we monitor our bank statements. This bank always stresses financial literacy and making people understand you have to review your bank statements, because things like this happen, mistakes happen, and the only way they can be caught is if somebody is reviewing the bank statements.”