Be careful ... this is how Riggs bank got nailed. (or was it the other one?) Anywho - if it hit the treshold of over $25K - it would be considered Credit/Debit Card Fraud & Identity Theft. You are obligated to file. Because the regulators know, is all the more reason to file.

This would not be (IMHO) Computer Intrusion as your computers were not intruded upon.

We had an examiner ask why we hadn't filed it under a computer intrusion. My interpretation of a computer intrusion has always been our system. If you are caught up in someone elses problem, such as the Heartland case should you then be filing a SAR?

It is NOT computer intrusion.

Characterization of Suspicious Activity - Reportable Condition
Possible Federal Criminal Statute(s)
Explanation/Description

Computer Intrusion
18 U.S.C. Section 1030 – Computer Fraud
A person who gains access to a computer system of a financial institution to:

Remove, steal, procure or otherwise affect funds of the institution or the institution's customers
Remove, steal, procure or otherwise affect critical information of the institution including customer account information; or,
Damage, disable or otherwise affect critical systems of the institution.
Note: Does not mean attempted intrusions of websites or other non-critical information systems of the institution that provide no access to institution or customer financial or other critical information

See The SAR Activity Review for additional information on Computer Intrusion at the following hyperlink: http://www.fincen.gov/sarreviewissue3.pdf