Posts Tagged ‘Heartland Compromise’


Like a Thief in the Night

Something huge has happened.  It crept by largely unnoticed by the citizenry as a whole and barely remarked upon by the press.  There was a data breach.  That’s probably why the story slipped by – it sounds so dull.  What happened, though, is that millions of credit and debit card numbers were stolen by an overseas group.  The group hacked into a third party credit card processor, Heartland Financial, and took these numbers.  Customers have been reassured that no damage was done and every bank is handling it differently.  Some banks immediately closed the cards, leaving customers to have their purchases declined.  Other banks notified their customers and told them that they may request a new card if it would make them feel more comfortable.  Still other banks have simply “blocked” the compromised cards until new ones can be issued.  Customers may still use their cards, but only if they are able to input a PIN with the transaction.  Still, this leaves customers unable to use compromised cards at restaurants and even Starbucks.  Heartland Financial contends that only card numbers were taken so it would be difficult for the perpetrators to do real damage with this information.

The bigger picture has not been addressed.

It is very possible that this compromise may include millions of cards.  Heartland Financial processes about 100 million transactions per month and suspicions are that the sniffer software had been in place since May of 2008.  There is no question that this will be the biggest breach in history.  Right now it is second to the TJX breach, but the final numbers are not in.  Of course, Heartland has downplayed the severity of this situation, even going so far as to make the announcement on inauguration day, when the press was somewhat preoccupied.  Heartland was made aware of this breach by Visa.  They did not uncover it themselves, despite the security measures the company had taken.  When Visa noticed an inordinate amount of fraud on customer accounts, they traced it back to Heartland and notified the company.  It took months for Heartland to uncover it.  Their own staff was unable to do it; they had to hire a third party forensic analyst to find the breach.  As this has been uncovered, Heartland finally admitted that information is not encrypted during the transmittal phase of a transaction.  This makes the system inexcusably vulnerable.

Even as Heartland downplayed this situation, banks were noticing these fraudulent charges that Visa reported.  Heartland assured people that no harm would come of this, but in one weekend, a small credit union incurred $11,000.00 in losses.  The losses have since been traced to this compromise.  STOP.  So, we have potentially tens of millions of cards compromised.  If the perpetrators are able to put through just $100.00 on each of these cards, the losses will be astronomical.  Under Visa’s Zero Liability policy, banks issuing Visa cards may be liable for fraudulent transactions on customer accounts.  The banking system is already under duress.  Regardless of fraudulent charges, banks stand to lose.  Reissuing credit and debit cards can cost up to $20.00 PER CARD, depending on the size of the institution.

In addition to the financial strain this is placing on the American banking system, it erodes consumer confidence even more.  Customers who are unaware of the many steps involved in processing these transactions are making the logical assumption that their bank is unsafe.  On a local level, banks are receiving harmful press.  In some places, businesses are refusing to accept debit cards.  Consumer confidence is already at an all-time low and, unbelievably, confidence in the financial industry is even lower.  Much damage has been done to the American psyche.  While consumer confidence plunges, restaurants miss out on a week of business.  Many customers are coping with this situation by staying home until new cards arrive.  They know their cards will not work at restaurants, so unless they have planned ahead they are not eating out.

Customers face an actual danger in that there is evidence these perpetrators are “phishing” for more information.  Once the cards are closed, they cannot be used, so the criminals are searching for information that is useful.  They are calling these nervous customers and claiming to be from their banks, asking to confirm information.  If the customer gives it over, they are literally giving up their identity.  These perpetrators have not been named.  We just know that they were found overseas.  I would like to know if these are really just greedy men or if they need to raise massive amounts of money for a certain planned purpose.  Or, even more sinister, is this a concerted effort to undermine the American financial system?

We know nothing about the perpetrators of this crime except that they are overseas.

