We've had a discussion regarding breached debit cards and procedures. I have not been able to find anything in Reg E that requires documentation (similar to a fraud claim) when replacing debit cards that are part of a breach. And our only signature requirement is when the customer signs up for the service.

We recently had a large breach and most of our staffs time was being used to fill out the forms and then scanning for storage. I believe we are allowed to close the cards per 1005.8 (a)(2) and reissue new cards with the documents we have received regarding the breach to support this process. How are others handling debit card breaches?

Thank you.