Much of Utah’s economic success can be attributed to the many ambiti...Read More
Big Shoes to Fill
Utah's Top 100 Private Companies
How do they do it?
Examining the Agreement
Food for Thought
In the Vault
Commercial Real Estate
Salt Lake Area
Ah, the holiday season. What is supposed to be the best time of the year for consumer sales turned into a nightmare for one of the country’s largest retailers. Between November and December 2013, hackers accessed debit card data and personal details—names, addresses and phone numbers—of an estimated 110 million Target customers.
The data breach resulted in a huge hit to Target’s bottom line, costing the company $61 million in the fourth quarter alone and a 46 percent year-over-year decline in net income. It has also left millions of consumers across the country worrying about fraudulent purchases, identity theft and the overall safety of shopping with credit cards.
While holes in Target’s security measures are to blame for the breach, it’s the card-issuers—including local banks and credit unions—who have had to deal with the consequences. In choosing how to respond to the breach, Utah financial institutions had a number of options, from blocking all clients’ cards immediately, to waiting for more information, to doing nothing at all.
Here’s how two Utah lenders tackled the problem and what they learned from the experience.
Communication is Key
“There’s an old adage that when people are fearful or threatened, you can’t communicate enough,” says Richard Beard, president and CEO of Bank of American Fork. Though banks initially didn’t have much more information about the breach than the general public, Bank of American Fork knew its customers would turn to it for information and guidance. So its employees immediately started reaching out in every way they could.
“We sent emails, posted blogs and sent letters,” Beard says. “We wanted to make sure there was information available that answered the question, ‘What does this mean to me?’”
Within a few days of the breach being exposed, the bank had identified all of the customers who had used their card at Target during the compromised period. Employees then contacted affected members and recommended the card be blocked. New cards were reissued inside the bank or by mail.
“Frankly, it cost us money to do that,” Beard admits. “But we wanted to make sure that nobody got hurt and we were willing to eat a bit of cost to do that.” By early January, cards had all been reissued and the bank was able to avoid any fraud loss.
“Our view is that the reason our community banks exist is because we are very customer relations centered,” Beard adds. “A lot of these people are friends and neighbors, people we have long-term relationships with. We believe that if we take care of them, not only is it the right thing to do, but it’s economically is valuable to the bank over the long term.”
Education is Crucial
Mountain America Credit Union took a similar approach, reaching out to potentially impacted members and encouraging them to get a new card. It also used the data breach as an opportunity to stress the importance of keeping a close eye on your account.
“There is a certain amount of trust consumers have in the retailers and businesses they choose to do business with,” says Cathy Smoyer, senior vice president and chief risk officer at Mountain America. “If this can happen to Target, who is a trusted retailer, it’s a natural reaction for a consumer to wonder what’s happening with their card elsewhere.”
Though data threats are becoming more prevalent, security measures are now more accessible. Mountain America encourages its members to take advantage of free text message alerts. “It’s a great way for cardholders to have immediate notification that a transaction has happened on their account,” Smoyer says. “They don’t have to wait until they get a statement or they log on to online banking. [If they see a fraudulent charge], they can immediately start working with us so we can block their card and get them a new one.”
Despite notifications and warnings about the data breach, some members at Mountain America and elsewhere simply choose not to pursue new cards or other safeguards. Smoyer’s advice to those individuals is simple. “Get a new card,” she says. “It’s an inconvenience to set up direct payments for bills and mortgages and loans again, but it’s easier than having someone commit fraud on your account.”
Lessons for Consumers
Through the data breach, both Bank of American Fork and Mountain America learned that consumers need continual education about the risks of the credit card age. Luckily, most safety precautions are simple.
Smoyer reminds cardholders to be aware of their cards’ whereabouts and never to leave them unattended in a wallet or purse in a car. She also advises consumers to only make online purchases from reputable sites and to make sure your bank always has your current contact information so it can quickly find you if your account is compromised.