Thieves use stolen data on debit, credit transactions
BY DENEEN SMITH
dsmith@kenoshanews.com

Customers at Southport Bank in Kenosha fell victim last week to a data breach at a company that processes debit and credit card transactions for national retailers. 

In January, Heartland Payment Systems announced a data breach. Since then, customers of more than 600 banks around the country have been victims of debit card fraud, with thieves using data stolen during the Heartland breach.

Last week, Southport learned 78 customers had been hit by debit card theft, with the thieves using fraudulently produced duplicate cards to make purchases.  The bank said that customers — including several Southport Bank employees — began noticing irregular transactions on their accounts April 8th.  Other local banks also have been affected, including Bank of Kenosha.

Southport senior vice president Gregg Pfarr — who said his own personal account was one of those breached — said the bank moved to shut down the fraud, issuing new cards to customers believed vulnerable and placing a $100 limit on signature-only uses of debit cards that do not require customers to provide a personal identification number (PIN).  Editor's Sarcastic Note:  That must mean that PIN transactions are more secure than signature debit...who woulda thunkit?

Before the bank was alerted to the scam, the identity thieves made $31,000 in purchases with the cards. Southport Bank is covering those losses; bank customers are not liable for the charges.  According to Pfarr, the problem is related to the security breach announced by New Jersey-based Heartland, which provides debit and credit card processing services for more than 250,000 retailers across the country.

Heartland issued statements saying it had uncovered “malicious software” planted in the company’s payment network. That software apparently captured data from the magnetic strip on the back of credit and debit cards, allowing thieves to recreate the cards.  The breach may have exposed millions of cardholders across the nation to fraud.   According to Heartland, the malicious software did not capture individual PINs, addresses or other personal information from card holders. The FBI is investigating the breach.

Pfarr said it appears scammers are using the information to hit banks in clusters. He said the fraudulent charges on customers’ cards were out of state, concentrated in Arizona, California and Illinois. Pfarr said the charges on his own account were at Wal-Mart and Walgreens stores in Arizona.  The charges to Southport customers all appeared to occur in the last week, and the bank now believes it has shut down all the cards vulnerable to the fraud. 

Bank of Kenosha officials acknowledged the Heartland breach also affected their bank. However, chief financial officer Mark King said he could not comment on the details, saying the bank officer who worked on the issue was out of the office Monday.  Pfarr said all consumers should keep a close watch on account information and be wary of fraudulent charges. By law, he said, customers are not liable for fraudulent purchases on their cards.