Debit-card security breach traced to N.J. firm

The suspicious activity Piedmont Credit Union members have reported on their Visa-issued debit cards has been linked to an account breach at a New Jersey-based payment processing firm.

More than two dozen credit union members had reported fraudulent purchases on their cards by Wednesday afternoon, Piedmont Credit Union President Tom Shields said. The activity was from a source outside the credit union, he added.

The problem originated at Princeton, N.J.-based Heartland Payment Systems, a firm that handles credit-, debit-card transactions, payroll, check management and payments solutions for more than 250,000 business locations in the U.S., according to a news release from the company.

"We don't have any business affiliation with Heartland," Shields said Wednesday. But a firm that processes credit/debit transactions for Piedmont Credit Union, Fiserv EFT, has an affiliation with Heartland, he said.

"We found evidence of an intrusion last week and immediately notified federal enforcement officials as well as the card brands," Robert H.B. Baldwin Jr., Heartland president and chief financial officer, said in a statement. "We understand that this may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice."

Piedmont is notifying its customers of the breach through its Web site, www.piedmontcu.org. About 1,200 of Piedmont's members have debit cards and about 700 bank online, Shields said.

For customers who report the fraudulent purchases, Piedmont "hot cards," or disables, their cards and issues new ones, he said. The credit union is immediately reimbursing members reporting the transactions on their cards, instead of waiting for Visa to refund Piedmont, Shields said.

So far, the credit union's reimbursements have been less than $500 per member, he said.

To help avoid unwanted access to accounts, Shields advises Piedmont members to sign up for Internet credit-union access or call 1-877-768-5405 for voice recognition banking. Both options allow for more up-to-date transaction access. Customers with debit cards from area banks may want to double-check account statements for suspicious transactions or call their financial institutions and inquire about their transactions.

Officials at several banks, including American National Bank, Virginia Bank & Trust, and Bank of America, said they heard no customer reports of suspicious activity on their debit cards. A message left at the United Rubber Workers credit union was not returned Wednesday.

To find out more about the breach, go to www.2008breach.com, a site Heartland created regarding the incident.

• Contact John R. Crane at jcrane@registerbee.com or (434) 791-7987.