Community Bank of Oak Park-River Forest has issued new debit cards to some of its account holders this week after detecting a security breach with a local retailer that resulted in fraudulent purchases.
Bob Ellison, vice president of operations, said in a telephone interview that all of the card holders associated with the fraudulent transactions have been contacted and issued new cards.
He declined to disclose the number of customers affected or the retailer where the illegal purchases were made, but he did note the transactions were made over the weekend.
Ellison said none of the customers were ever at risk of losing money from their accounts, due to federal regulations that require financial institutions to make whole its customers who have been subjected to such fraud.
“We were able to find a common merchant that all those particular customers had gone to, and it was a local retailer,” he said, adding that either the retailer’s payment system or the merchant processor used to handle debit and credit transactions had been compromised.
He said it is more likely that the merchant’s processor was compromised.
“We cannot confirm [how the fraud occurred] which is why we are declining to name the retailer,” Ellison said.
The bank noted in a press release that Community Bank is not the only bank that has experienced a major increase in such fraudulent activity.
“Every bank is sharing this kind of pain,” he said.
Frank Frigo, marketing officer for Community Bank, reiterated in an email that the security breach did not occur at the bank but with a local retailer, “And the breach potentially impacted customers of all banks, not just Community Bank.”
He said the credit and debit card industry is now undergoing a massive shift in credit and debit card technology, and future cards will have a computer chip in them rather than a magnetic strip.
Ellison said the chip technology was put in place in Europe more than a decade ago and reduced fraud by more than 80 percent.
As a result of the fraudulent activity, the bank also is limiting debit card access in Bahrain, Brazil, Cameroon, China, Dominican Republic, Egypt, Ghana, India, Indonesia, Ivory Coast, Qatar, Romania, Saudi Arabia, South Africa, Turkey and Uganda. The bank noted that the countries are named as part of industry-wide guidance when such data breaches are detected.
“When using your card within these countries, you will still be able to conduct PIN-based transactions, but you will not be able to sign for your transactions,” the press release stated. “You can also use ATMs, and online transactions are unaffected.”
The bank suggests taking additional forms of payment such as credit cards or foreign currency when visiting the countries listed. They also recommend contacting a banker prior to travel outside the United States “to ensure that you will continue to have access to your funds.”
Ellison confirmed that the data breach was not a so-called phishing scam, but the bank noted in its news release that phishing — fraudulently obtaining and using financial or personal information — “has emerged as one of the most potent forms of mass identity theft, and has proven to be a very effective way to sometimes trick millions of users at a time into revealing confidential information that can then be used to steal their identities.”