Citi, B of A Card Customers Hit by Merchant Data Breach
As if the financial system needed more challenges, there is a huge one lurking that never goes away: keeping data secure. Because our current market and economic predicament has presented a barrage of other risks that are perceived as more immediate, securing customer and corporate data too often remains at the bottom of the triage list.August 16
Federal regulators on Tuesday released updated guidance on how banks should guard against cyber-security threats.June 28
A total of 360,083 North American Citigroup credit card accounts were affected by a recent breach of customer's names, emails, account numbers and transaction histories. This is a breach that could have been avoided by inserting simple access controls.June 21
WASHINGTON The Obama administration's push to create a national standard for when and how banks and other companies must notify customers of a data breach appears to be gaining momentum.June 21
Citigroup Inc. and Bank of America Corp. closed some of their card customers' accounts this week, citing data breaches at unidentified retailers.
It was not immediately clear if both banks' customers were affected by a security failure at the same merchant.
Citigroup deactivated some credit cards on Thursday and told the affected customers that it had been informed of a security breach at a retailer, according to one person whose credit card was deactivated.
Citigroup's customer service representative would not identify the merchant, the affected customer said.
Citigroup spokesman Sean Kevelighan said in an email that there was "no specific incident causing the re-issues," but said that Citigroup often reissues credit or debit cards "due to a security concern reported at a merchant or merchants where the customer used the card."
He added that merchant security breaches increased in 2010, "and as a result, we are seeing a higher amount of fraud trending. This increasing trend has prompted us to re-issue a larger amount of cards."
Separately on Thursday, Bloomberg reported that Bank of America sent some customers new debit cards this week, "after accounts may have been compromised at a merchant."
Spokeswoman Betty Riess told American Banker that B of A did not necessarily know which merchant was responsible for the breach. The banks receive information on potential fraud from card networks Visa Inc. and MasterCard Inc., but those alerts do not include the names or locations of the merchants where the fraud takes place, she said.
Riess would not say how many cards Bank of America had reissued or whether the bank's credit card customers were also affected.