Central Kentucky consumers who have used a credit card or debit card when shopping at T.J. Maxx, Marshall's or HomeGoods will want to watch their bank or credit card statements carefully.
And some of them may want to watch the mail for a new debit card.
TJX, a Massachusetts-based company that operates T.J. Maxx, Marshall's, HomeGoods and several other retail chains in the United States and abroad, announced last week that an "unauthorized intruder" had hacked into the system that the company uses for credit and debit card transactions, checks and merchandise returns.
Because of the possibility of fraud, TJX notified the credit card companies of individuals whose credit and debit card information might have been compromised, and the credit firms have since been notifying financial institutions of their customers' situations.
Banks and credit unions decide whether to issue new cards to those customers or to keep an eye on their accounts for fraudulent transactions.
At JP Morgan Chase, "we constantly are monitoring and are involved in the fraud prevention," said spokeswoman Nancy Norris.
The company is not automatically issuing new cards to individuals whose account numbers might have been stolen, she said.
"We continuously monitor accounts for any suspicious behavior and notify cardmembers immediately if something unusual is detected," Chase said in a statement.
About 200 debit cards issued by the Lexington Postal Credit Union have been compromised and are being replaced, said Sharon Moore, president of the organization.
The likelihood that those debit cards would be used to make fraudulent purchases is slim, she said. But to be safe, the credit union is immediately blocking affected cards and ordering new ones for those customers.
"The risk is probably really low, but we don't want to play with that risk," Moore said.
After blocking the cards, Moore said, the credit union has been notifying the customers of the situation.
However, some customers who use their cards frequently have been learning of the issue the hard way Ð as they try to use their card and it is declined.
When the University of Kentucky Federal Credit Union was notified of compromised accounts, it flagged the accounts and ordered new debit cards for the customers, said interim CEO Greg Baker.
In the meantime, rather than blocking all transactions to those cards, Baker said the UK credit union has been lowering the limits on the charges that can be applied while still allowing the customer to use the card.
Baker declined to say how many credit union members have been affected, but he said none have been the victims of fraudulent purchases.
TJX has not said how many people's information might have been stolen nationwide.
The company said the stolen customer data included information from 2003 transactions, as well as information from mid-May 2006 through December, when the breach was discovered.
Avivah Litan, a data security analyst for Garter Inc., said it could be difficult for the company to determine the scope of the breach because the thieves had a lot of time to sell and circulate the information before the hacking was discovered.
Some of the customer data has been used to make fraudulent debit card and credit card purchases in Florida, Georgia, and Louisiana, and in Hong Kong and Sweden, according to the Massachusetts Bankers Association.
"We expect that this is going to continue and the fraud may widen," said Bruce Spitzer, spokesman for the Massachusetts group.
He said the cost to banks of reissuing hundreds of thousands of cards alone will be "enormous."
This kind of information breach is not uncommon in today's technology-driven economy.
But Heather Clary, spokeswoman for the Better Business Bureau of Central and Eastern Kentucky, said consumers can use technology to their advantage.
Rather than having to wait for a monthly statement, consumers now have the ability to catch fraud more quickly by checking their bank and credit card accounts online frequently.
"Diligence is the key," she said.
Clary also said consumers who notice something suspicious on their statements should notify their financial institutions immediately.
"Don't delay if you see something that's unauthorized," she said.
Credit card companies have noted that consumers are not responsible for fraudulent purchases, but it's easier to correct such situations when they're caught quickly.
Consumers should also protect against fraud by taking advantage of free annual credit reports, which are available at 1-877-322-8228 or at www. annualcreditreport.com.
Although major thefts of information like this one get lots of attention, Norris, of JP Morgan Chase, said most fraud "is still done the old fashioned way" Ð by thieves who steal cards, sift through the trash for account numbers or peek over consumers' shoulders to see their card numbers.
"You're more at risk if you aren't personally protecting your number," she said.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment