Thread Options
|
#669544 - 01/22/07 05:39 PM
TJX Breach
|
Member
Joined: Nov 2002
Posts: 76
MA
|
Curious as to the impact being felt and whether other bankers are reissuing or monitoring?
_________________________
Expressions posted here are not necessarily those of my employer(s).
|
Return to Top
|
|
|
|
#669556 - 01/22/07 05:49 PM
Re: TJX Breach
MikeJ
|
Member
Joined: Mar 2006
Posts: 70
Salt Lake City, UT
|
I have seen little fraud thus far and will continue to monitor and make adjustmens to strategies as necessary.
|
Return to Top
|
|
|
|
#669576 - 01/22/07 06:08 PM
Re: TJX Breach
C_Groat
|
Junior Member
Joined: Jan 2007
Posts: 35
Wisconsin
|
I've read that fraud associated with this type of activity may not appear for some time as the intruders know that banks and customers will probably be very diligent in the first handful of months that follow.
For us (a CB of about $500M in assets and limited resources in our card processing area), we will close and reissue as a result of this breach. In the past some of our customers demanded that their cards remained open so that they weren't inconvenienced. On almost every occasion fraud was conducted much later and the bank suffered loss, both monetarily and from a reputational standpoint.
We will probably revise our procedures to not permit any compromised card to remain open.
We're oh so comforted by TJX's disappointment over this breach...
_________________________
- Just because something is legal doesn't make it reasonable or right -
|
Return to Top
|
|
|
|
#669584 - 01/22/07 06:15 PM
Re: TJX Breach
JacF
|
Junior Member
Joined: Jan 2007
Posts: 35
Wisconsin
|
JacFSB:
Out of curiosity, do you provide a timeframe for closing and reissuing, or do you just do it immediately and then contact your customers?
Also, how do you contact them? Do you send them a letter or try to call them or both?
_________________________
- Just because something is legal doesn't make it reasonable or right -
|
Return to Top
|
|
|
|
#669623 - 01/22/07 06:47 PM
Re: TJX Breach
JacF
|
Member
Joined: Dec 2005
Posts: 60
Maine
|
We are of simlar size as JD in JC and have the same procedures, re-issue and close. Our plastic provider will typically have the new cards to the customer in about 10 business days after ordering. We cut letters to the customer and time their mailing to arrive about 2 days before the new card. The letter explains the reason for the new card and asks them to call us when it arrives, at which time we close the old card. Sometimes they call immeadiately to have it closed but most of the time they jsut wait.
_________________________
The cannons don't thunder there's nothin' to plunder.
|
Return to Top
|
|
|
|
#669638 - 01/22/07 07:00 PM
Re: TJX Breach
FraudHorn
|
Junior Member
Joined: Jan 2007
Posts: 35
Wisconsin
|
Thanks for the info, JacFSB and FraudHorn!
_________________________
- Just because something is legal doesn't make it reasonable or right -
|
Return to Top
|
|
|
|
#669676 - 01/22/07 07:20 PM
Re: TJX Breach
JD in JC
|
Member
Joined: Mar 2006
Posts: 70
Salt Lake City, UT
|
Do any of the banks that are planning on a blanket reissue, do any type of analysis to show how many customers you lose atfer a mass reissue or customers that reduce their usage of your cards? Doesn't your cost of reissuing all of these cards everytime a compromise comes up (we had 181 notifications in 2006 for over 150,000 account numbers) far outweigh what incremental fraud you may experience down the road?
|
Return to Top
|
|
|
|
#669789 - 01/22/07 08:31 PM
Re: TJX Breach
C_Groat
|
Member
Joined: Nov 2002
Posts: 76
MA
|
We cancel and reissue as a matter of policy and I appreciate all the feedback here. Some banks monitor and my question for those banks is....
Let's say you get a list of 1500 cards and you decide to monitor. Three months from now, one of those account numbers is used and you take a hit. Do you only cancel that card or do you now cancel the other 1499? Do you need to take an individual hit (which could be costly over a nice long weekend) in order to cancel each card?
_________________________
Expressions posted here are not necessarily those of my employer(s).
|
Return to Top
|
|
|
|
#669827 - 01/22/07 09:00 PM
Re: TJX Breach
MikeJ
|
Junior Member
Joined: Jan 2007
Posts: 35
Wisconsin
|
C Groat:
I understand your argument and agree with you on the one hand. I think an analysis of actual versus potential losses and lost business due to customer frustration would be the way to go. As you aptly point out, unless we do some sort of analysis, we will never know how many customers we lose from such a policy and whether or not the magnitude of this response gives us the most bang for our buck.
However, our experience of fraud down the road has proved to support MikeJ's comments (at least for us). And with our limited expertise/resources/whatever in this area (including monitoring) we feel, at least at the most basic level, we have a good idea of our costs from a fraud standpoint going into our plan (i.e., $ per card X # of cards to be reissued).
For my bank we are talking about a fraction of the number of accounts you are talking about. I suppose that, in the event the rate of incidents increase substantially, we will eventually have to weigh the option of monitoring/analyzing accounts versus our policy of blanket reissuance.
_________________________
- Just because something is legal doesn't make it reasonable or right -
|
Return to Top
|
|
|
|
#669956 - 01/22/07 10:47 PM
Re: TJX Breach
JD in JC
|
Member
Joined: Mar 2006
Posts: 70
Salt Lake City, UT
|
If you have limited resources in your fraud arena to monitor and build new POS type decline strategies as issues occur, I would concur with your assessment to reissue. Unfortunately, with all of these compromises and reissues, the consumers blame the banks for the inconvenience and are quick to move down the street even though they are also affected and may choose to reissue.
|
Return to Top
|
|
|
|
#670087 - 01/23/07 02:45 PM
Re: TJX Breach
C_Groat
|
Power Poster
Joined: Nov 2001
Posts: 6,719
PA
|
the consumers blame the banks for the inconvenience and are quick to move down the street even though they are also affected and may choose to reissue. We always cancel and reissue in these circumstances, and my experience has been exactly the opposite of this. While our customers do not like the inconvenience, they are very appreciative of our proactive approach, and our desire to prevent losses, instead of responding to losses after they happen.
|
Return to Top
|
|
|
|
#670098 - 01/23/07 02:51 PM
Re: TJX Breach
JacF
|
Power Poster
Joined: Jun 2006
Posts: 2,515
|
the consumers blame the banks for the inconvenience and are quick to move down the street even though they are also affected and may choose to reissue. We always cancel and reissue in these circumstances, and my experience has been exactly the opposite of this. While our customers do not like the inconvenience, they are very appreciative of our proactive approach, and our desire to prevent losses, instead of responding to losses after they happen. This was my thought as well. I was in the sales/service side of banking for quite a few years at a very large institution, and can't think of a single situation where we lost a customer because of being proactive about potential fraud. The essential key to this, IMO, is communication. Let them know (in as personal of a way as possible) what you're doing and why, and they will be thankful.
_________________________
The beatings will continue until morale improves...
|
Return to Top
|
|
|
|
#670361 - 01/23/07 05:57 PM
Re: TJX Breach
MadisonCali
|
10K Club
Joined: Oct 2000
Posts: 40,086
Cape Cod
|
The bank that has my accounts is canceling and re-issuing based on the list of compromised cards provided by TJX. We are in the heartland of TJX country up here in Massachusetts, and my bank undoubtedly has a lot of accounts to take care of here. It will take them some time, but they've also made it clear that they will do early reissues for any customer who asks for expedited treatment.
_________________________
John S. Burnett BankersOnline.com Fighting for Compliance since 1976 Bankers' Threads User #8
|
Return to Top
|
|
|
|
#670800 - 01/24/07 01:21 AM
Re: TJX Breach
MikeJ
|
New Poster
Joined: Jul 2006
Posts: 23
Washington
|
We currently reissue and send letters to the customers (along with the new card) explaining the situation and give them 5-10 days to activate their new card.
Through experience, I have found that giving a deadline date to activate the new card saves a lot of repeated work.
I have not found that we have lost any customers as a result of this. I have found that the customers are appreciative that we are "looking out for them".
We are a small bank ($150M), so we do not have as large amounts as other banks.
_________________________
--I feel a sick day coming on---
|
Return to Top
|
|
|
|
#670868 - 01/24/07 01:43 PM
Re: TJX Breach
P*Q
|
10K Club
Joined: Oct 2000
Posts: 40,086
Cape Cod
|
I thought you said my present came from Nordstrom's, PQ! Now I'm bummed!
_________________________
John S. Burnett BankersOnline.com Fighting for Compliance since 1976 Bankers' Threads User #8
|
Return to Top
|
|
|
|
#671208 - 01/24/07 05:59 PM
Re: TJX Breach
XODUS
|
Gold Star
Joined: Mar 2005
Posts: 355
WY - still a CO girl, though
|
Where can I find more information about who was affected? I am with someone else above where this is the first year I have been there... of course. I am wondering how you all have heard. Is TJMaxx letting individual banks know? or just credit card processors?
_________________________
...it's all opinion, until proven otherwise...
|
Return to Top
|
|
|
|
#671211 - 01/24/07 05:59 PM
Re: TJX Breach
XODUS
|
Gold Star
Joined: Mar 2005
Posts: 355
WY - still a CO girl, though
|
Where can I find more information about who was affected? I am with someone else above where this is the first year I have been there... of course. I am wondering how you all have heard. Is TJMaxx letting individual banks know? or just credit card processors?
_________________________
...it's all opinion, until proven otherwise...
|
Return to Top
|
|
|
|
|
|