Money & Company

Tracking the market and economic trends
that shape your finances.

« Previous Post | Money & Company Home | Next Post »

Bank of America replacing 'compromised' debit cards

May 10, 2011 |  6:34 pm

Bank of America Corp. is replacing some debit cards with new cards, saying customer information may have been compromised.

The bank would not disclose the extent of the possible data breach or breaches involving the debit cards, which allow customers to pay for goods and services by immediately accessing funds in their checking accounts.

BofA Sign-RTS-Lucas Jackson Two L.A. Times staffers said Bank of America contacted them Monday about potential problems with their debit cards.

One received an email that said the bank had "detected irregular activity." The email provided an 800 number at which an employee said, "Your card was part of a mass compromise," probably at a merchant where the cardholder had done business. 

The bank canceled the old card despite there being no sign of unauthorized use, the Times staffer said.

The other Times staffer received a new debit card in a letter that said the old one would be blocked after five days because the account might have been compromised.

In an interview, Bank of America spokeswoman Betty Reiss said the company does not disclose the scope of data breaches or discuss their details.

Reiss said the employee at the 800 number had been mistaken in describing a "mass compromise," but would provide no information on how the bank defines that term or how often its customers become victims of debit card fraud.

Bank of America notifies affected customers, as it has been required to do under California law since 2003.

"Through our fraud monitoring and based on information we receive from the card associations [such as Mastercard and Visa], we will notify a customer and block and reissue their card if we believe their card information has been compromised at a third-party location," Reiss said in an email. 

"We take these proactive steps to protect our customers from fraud," she said, adding, "Information we receive from the card associations does not include merchant name or location and we would not have that information to share with a customer."

Beth Givens, director of the Privacy Rights Clearinghouse, a San Diego nonprofit that tracks financial data breaches, advised bank customers to avoid using debit cards. 

Because identity thieves can use debit cards to drain checking accounts, cardholders can be left without any ready cash, she said. Banks say they'll replenish funds lost to fraud, but it sometimes takes them as long as a month to investigate thefts and replace customers' money, Givens said.

What's more, she added, the legal protections for victims of debit card fraud are weaker than those for credit card holders.

"The banks really push debit cards," she said in an interview, "but we suggest that people use cash or credit only."


Sony confirms financial data stolen from 24.6 million customers in PlayStation hack attack

Bank of America settles Countrywide data theft suits

After ID theft, free fraud protection is worth it

-- E. Scott Reckard 

Photo credit: Reuters / Lucas Jackson