Piedmont Credit Union fraud report expands nationwide

See USA Today story

Official Report

PRINCETON, N.J. (AP) — Payments processor Heartland Payment Systems Inc. said Tuesday its system used to process Visa, MasterCard, American Express and Discover Card transactions was breached last year, but asserted that merchant and customer data were not affected.
Robert H.B. Baldwin Jr., president and CFO, said the company found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as Visa and MasterCard.

Heartland, based in Princeton, N.J., said the breach did not involve merchant data, cardholders’ Social Security numbers, unencrypted personal identification numbers, addresses or telephone numbers. And the company said none of its check management or Canadian or payroll systems or the recently acquired Network Services and Chockstone processing platforms were affected.

Baldwin said in an interview that the only information breached were card numbers and cardholders’ names, or one or the other.
Heartland said it was alerted by Visa and MasterCard of unspecified suspicious activity surrounding processed card transactions and enlisted the help of auditors to investigate. The investigation last week uncovered “malicious software” that compromised data in Heartland’s network, it said.

“We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice,“ Baldwin said.
Heartland is increasing security in its systems and will establish a program to flag “network anomalies” as they occur and enable law enforcement to arrest those suspected of interfering with computer systems.

Heartland also has established a Web site, http://www.2008breach.com, to provide information about the incident and advised cardholders to examine their monthly statements and report suspicious activity to their card issuers.
Cardholders are not responsible for unauthorized fraudulent charges made by third parties.

By DENICE THIBODEAU
Register & Bee staff writer

About 15 members of Piedmont Credit Union reported fraudulent purchases on their Visa-issued debit cards Tuesday, according to credit union president Tom Shields.

Shields said people reported money missing from their account for purchases they did not make with their Visa-issued debit cards. He said the fraudulent purchases are not connected to the credit union’s ATM cards.

“Most of the purchases were made in Florida,” he said, adding that many of the purchases were made at gas stations.

The incidents are being investigated to find out where the security breach is — within the credit union itself or one of its outside contractors that deals with various aspects of credit/debit card transactions, Fidelity Credit Card Processing or Fiserve EFT, Shields said.

He said that anyone who has had fraudulent purchases made with their debit card should immediately report them so the card can be cancelled and a new one issued. Members of Piedmont Credit Union who wish to report fraudulent activity can call 1-800-554-8969.

The next step a member should take, Shields said, is to come to the credit union and fill out a fraud affidavit.

“Once that is signed, we will immediately replace any missing funds,” he said.