If you've used a credit or debit card at a restaurant or retail store in the past nine or 10 months, then there's a chance your number is in the hands of thieves, or at least in their computer files. That's how wide the breach of Heartland Payment Systems' computer system reaches from coast to coast.
Heartland Payment Systems is in no way affiliated with Heartland Financial USA, the parent company of Dubuque Bank & Trust. The Princeton, N.J.-based company processes credit card transactions for 250,000 businesses nationwide, as many as 100 million transactions per month.
"If you happened to use one of those 250,000 retailers in the last nine or 10 months, and they're not giving us exact dates, there's a chance you're affected," said Lee Hoerner, senior vice president of sales and service at DuTrac Community Credit Union. "People that use their credit cards often are much more likely to be affected."
Hoerner and representatives from other Dubuque-area financial companies -- East Dubuque Savings Bank, Premier Bank and Dupaco Community Credit
Has your card been compromised? |
|---|
| Heartland Payment Systems has created a Web site -- www.2008breach.com -- to provide information and advise cardholders to examine their monthly statements closely and report suspicious activity on their card issuers. |
"Each area financial institution affected is taking steps to proactively minimize fraud and protect cardholders' funds," said Todd Link, senior vice president of operations at Premier Bank.
The computer breach was announced on Jan. 20, and investigators have not yet released how long the malware remained active. The technology employed is sophisticated, but in laymen terms, as businesses swiped customers' cards, information on the magnetic strips was being captured by software planted in Heartland's computer system.
The data provides enough information for thieves to fabricate fake cards and make fraudulent purchases, but personal information such as Social Security numbers, addresses and merchant information were not captured. Visa and MasterCard alerted Heartland to the possibility of fraudulent activity, and the company followed up with an investigation that found the breach, but it took months.
Credit card companies are alerting local institutions as to which credit card numbers are affected and in turn those institutions are contacting individual cardholders.
"We're still getting lists of cards from MasterCard and Visa," Hoerner said. "We don't know how long the list is, but it could be substantial. Right now what we've learned is that all of the information is not in yet."
Hoerner said local institutions have safeguards in place that detect unusual purchasing activity. What they don't have is control over situations like this one, where a national processing firm is hacked between point-of-purchase and point-of-processing.
The Heartland breach was the second revealed by a payment processor in recent weeks. On Dec. 23, RBS WorldPay Inc. said the personal data of about 1.5 million cardholders had been compromised. Industry officials fear a trend where hackers are targeting processors rather than businesses.
"The industry is working hard to get legislation in place that penalizes companies that allow this to happen," Hoerner said. "Something with teeth in it."
For now, the best thing consumers can do is check their monthly statements carefully to ensure their card number has not been used illegally.
