Banks bear cost of store data breaches

Hackers stole Laura Keene's debit card information and swiped $483.41. Keene, a Jackson victim of the highly publicized Target breach, got her money back, but it wasn't Target who made things right. It was her bank.

In the case of the Keene family, The Bank of Missouri refunded the theft. John M. Thompson, president of the bank, said he believes the victims are due a refund, but the banking industry's burden to pay its customers gives retailers little reason to improve security.

Banking customers are insured against such losses and not held accountable or responsible. The banking industry provides the refunds to data breach victims.

"The consumer was made whole, and they should be, because it's not their fault," he said. "The retailer is not responsible from an economic standpoint. What's their incentive to heighten security?"

Recent data breaches also have occurred at Schnucks grocery stores and Neiman Marcus department stores.

"The banks are catching the brunt of the financial loss when they are being the most proactive in the protection of customer information," he said.

And the cost of fixing the problem doesn't stop with refunding fraudulent charges.

Thompson said it costs about $12 a card that is reissued to customers, which includes the cost of the plastic card, changing data and mailing the card. New cards are issued to every customer who may be affected by a data breach, he said.

Thompson said the country has been slow in implementing technology that would heighten security for debit- and credit-card transactions, such as the use of microchips.

"The bad guys are way ahead of the good guys in terms of their technology," he said.

Keene balances her family's checkbook regularly and keeps track of banking transactions online. So when she and her husband took their daughters to have their picture taken with Santa on Dec. 20 and their debit card was declined, she panicked.

"It was kind of traumatic," Keene said. According to her checkbook, they had enough money.

The family was given their photos free of charge, but that didn't answer how their account was overdrawn, even after her husband had been paid that day. The one-income family paid their usual bills, filled their gas tanks and did some Christmas shopping, but there still should have been money in the account.

Target believes the theft of about 40 million debit and credit card numbers affected only cards used between Nov. 27 and Dec. 15. The company later learned personal information -- including email and home addresses, phone numbers and names -- were swiped from as many as 70 million customers.

The Keenes eventually learned their debit card number was used for a $483.41 purchase at a Target in Sun Valley, N.Y.

Keene had heard nothing about the Target data breach until Dec. 20 when, as she was shopping at Target, her husband called and told her not to use her debit card because he heard of a data breach involving the store.

There were no signs or notifications of the breach in the store, she said. Target made the announcement of the breach Dec. 19.

Keene said if Target had informed customers of the breach earlier, she would have canceled her debit card "that very second."

"I think once they realized how big the damage was, they scrambled to catch up with it," she said.

Their debit card information was stolen via a $12.50 purchase Keene made at Target on Nov. 30, she said.

Liz Wassell, store team leader at Target in Cape Girardeau, on Jan. 20 said she had noticed fewer than 10 people who encountered any kind of activity related to the breach.

"We actually haven't heard of as many people being affected locally," Wassell said.

Target has taken full accountability for its actions, she said, and been "as proactive as they could be" in the matter.

"I'm happy with the way that Target has handled it," Wassell said.

After a story was published about the breach in the Southeast Missourian, three people approached the newspaper with examples of how they were affected.

Many Target customers were issued a new debit or credit card to be on the safe side, including Ron Ruppel.

Ruppel was charged a $5 replacement fee for a new card issued to him from his bank, Cape Regional Credit Union. However, his previous card was canceled on a day when he went to the doctor.

"I was unable to pay my co-pay, which was embarrassing," Ruppel said in an email to the Southeast Missourian.

Ruppel said it was inconvenient to drive to the bank to withdraw cash, and the transition overall was "annoying."

Keene, meanwhile, has signed up for a year of free credit-monitoring services Target is offering customers who are potential victims of the breach.

"I am not afraid to shop there anymore; I just refuse to use my debit card," Keene said. "It's not their fault; I think it will be a long time before we use our debt card there."

ashedd@semissourian.com

388-3632

Pertinent addresses:

202 Siemers Drive, Cape Girardeau, Mo.

3427 William St., Cape Girardeau, Mo.

2427 Cape Centre Drive, Cape Girardeau, Mo.