15 February 2007

Credit Cards Pulled as Banks Fear Fraud

  
The Toronto Star, Tara Perkins & Dana Flavelle, 15 February 2007

Banks are issuing thousands of new credit cards to Canadians whose card numbers were stolen or exposed to potential fraud in a security breach at the company that owns the Winners and HomeSense retail chains.

The banks say they are issuing the cards as a precaution.

But one banking source said there are indications that some fraudulent purchases have been made on Canadian cards as a result of the breach. An increase in fraud has been noted on some compromised Visa cards but it's too early to relate it to the breach, the source said.

The Canadian Imperial Bank of Commerce, the Bank of Nova Scotia, and Bank of Montreal confirmed yesterday that they are mailing out new credit cards to customers.

The Royal Bank and Toronto-Dominion Bank said they prefer to boost their monitoring of the cards that might have been affected, rather than issue new ones. That means their customers might notice more frequent phone calls asking them to confirm that they made any large or unusual purchases.

"Given recent breaches involving a number of retailers, CIBC is taking prudent steps on behalf of our clients to proactively replace their Visa cards where we have identified that they may be at higher risk of having their accounts used fraudulently," said CIBC spokesperson Rob McLeod.

The banks pointed out that they regularly issue new cards to customers as a result of security concerns, but this appears to be one of the larger incidents.

A consumer advocate says many consumers find it frustrating that they aren't being told why their cards need to be replaced except for vague references to the risk of fraud.

Beverley McKee is one of the cardholders whose MasterCard was cancelled and replaced.

"We were in Florida on vacation when our card was refused at a WalMart store despite having a high credit limit, no balance, and frequent use," she wrote in an email to the Star yesterday. A call to MasterCard revealed the card was on hold and a new one was on the way.

"Upon our return, the new card was in the mailbox with a form letter stating that security had been breached and, while they were unable to reveal how, when, or any other details, as a precaution they cancelled the old card.

"This is, of course, a nuisance since newspapers, utility bills, insurances, etc., are automatic monthly charges and each one has to be notified."

A non-profit agency that helps Third World children said it has noticed a growing number of clients registering new credit cards this month.

"In the past 24 hours, we've had 61 people call in to switch, and about 325 since Feb. 1. So it does seem to be accelerating," said Jay Hooper, vice-president of marketing for Plan Canada, formerly called Foster Parents Plan.

Winners and HomeSense owner, The TJX Companies, Inc., revealed last month that some card numbers were stolen and thousands more may have been compromised when hackers broke into computers that contained records of credit and debit cards transactions for all of 2003 and part of 2006.

"There are compromises out there all the time," noted RBC spokesperson Beja Rodeck.

The banks said thousands of new cards are routinely issued to customers each year as a precaution against fraud.

Canadian companies aren't required to disclose security breaches. Winners and HomeSense are owned by a U.S. firm. The Consumers' Association of Canada was scheduled to appear before the House ethics committee in Ottawa today to discuss the need for tougher disclosure laws.

"The privacy commissioner has really got no tools to enforce accountability," said association president Bruce Cran.

The consumers' association said it has fielded hundreds of calls from people in the past week wondering what to do because they got a BMO MasterCard in the mail without requesting one.

The new credit cards came with a letter that told customers to phone to activate their card, but customers could not get through when they dialled, Cran said. "The phone lines were jammed, so people were wondering what the heck was going on."

Also, "we've had maybe 10 or 12 calls by people who've gone to make purchases and found that their MasterCard actually has been cancelled without them knowing," Cran added. "Why that would be, I have no idea. It would seem to be related to the same thing."

Neither Scotiabank, CIBC nor BMO would say how many cards they are reissuing, but BMO spokesperson Michael Edmonds said, "It is a large number. We understand that some customers have been inconvenienced as a result of our proactive security measure, and we certainly apologize for that."

Both RBC and TD said they have not yet seen any fraudulent use of their credit cards as a result of the security breach at TJX. Spokespeople for the other banks declined to say whether or not there had been fraudulent activity on affected cards.

CIBC's McLeod said it's still too early to tell whether any fraudulent purchases are a result of the TJX breach because it takes some time to find out exactly how a credit card number got into a fraudster's hands.
;