Banks in South Carolina say they are issuing new debit and credit cards to customers as a result of the massive Target store data breach during the Christmas shopping season.
A number of national banks have taken a wait-and-see stance on issuing new cards, but a number of regional banks and South Carolina community banks have adopted a more proactive course to deal with the data breach.
Target estimates that 488,000 debit and credit card accounts in the Palmetto State were affected by the high-profile theft of personal information that took place at the height of the holiday shopping season.
However, the retailer also said it is unable to definitively say how many South Carolina consumers were affected by the breach, according to the S.C. Department of Consumer Affairs.
Nationwide, Target has ratcheted up the number of credit and debit card holders affected to 70 million from the 40 million announced Dec. 19.
South Carolina bankers say the hacking, which has yet to be solved by Target but includes such stolen data as customer names, credit and debit card numbers, card expiration dates, PINs and the three-digit security code printed on the back of the cards, left them little choice but to re-issue bank cards, at whatever the expense.
“We did have some customers whose card numbers were compromised as a result of this,” said Toby Goodlett, First Citizens bank retail banking executive in Columbia.
Card issuer Visa notified the bank of the breach, which Goodlett said immediately notified its customers by mail and other means that their card numbers had been identified in the Target notification.
“From there, we took the stance on this one that we would re-issue all the cards,” Goodlett said. “Primarily because there were so many people that were impacted and so many variables, it was the most prudent decision for both our customers and the bank.”
Any customers who used their cards at Target during the time frame of the breach as identified by Target got new cards, said Goodlett, and other S.C. bankers.
Customers then must take a very important step, he said. “If you have received a new card, activate it,” Goodlett said. “That is one of the biggest challenges – getting customers to activate the new card.” The bank follows up new card issues with phone calls and other notifications to urge cardholders to activate their cards, Goodlett said.
SCBT, which is a major banker with offices in virtually all corners of the state, said it initially issued new cards on a case-by-case basis, but now will issue new cards to all its customers affected by the Target breach.
“A series of our customers have already called or visited our branches and have asked for their cards to be re-issued, and we are in the process of doing that,” said John F. Windley, SCBT president and chief banking officer.
“We are monitoring the ones that have not, but we have made the decision as a company that we will be notifying those additional customers that have not requested a new card, that we will be re-issuing them a new card, so that they won’t have to worry.”
Windley said information stolen in data breaches does not always turn up immediately, but sometimes six to nine months after the theft actually occurred.
“What we don’t want our customers to do is to have that anxiety for an extended period of time and know that they’ve got to be constantly looking at their accounts and monitoring their accounts, when we’ll just go ahead and re-issue so there won’t be that level of anxiety with our customers,” Windley said.
NBSC, which has operations in 25 markets in the state and in Georgia, Florida, Tennessee and Alabama, took a proactive approach to the Target crisis.
“We decided to re-issue cards to those customers to protect them,” said Chuck Garnett, president and CEO of NBSC, a division of Synovus Bank, which affected thousands across the region, he said.
Palmetto Citizens Federal Credit Union, one of the largest credit unions in the Midlands, posted a message on its website saying cards issued by the institution and affected by the breach were blocked from use as of Friday, Jan. 10.
“Members that used their debit and credit cards during the timeframe have been contacted by letter and issued new cards and PINs, if needed,” the website says.
Along the South Carolina coast, South Atlantic bank also said it issued new cards in the wake of the Target data breach.
“As the news (of the Target breach) was breaking on Dec. 18, we were already starting to plan how we would respond to this breach, and we decided that we would re-issue cards,” said Barbara Marshall, marketing vice president.
The company, founded in 2007, with offices in Myrtle Beach, Pawley’s Island, Murrell’s Inlet, Georgetown and Mount Pleasant, produced new debit cards in-house for quicker turnaround, Marshall said, and the company will also foot the cost of contracting out for new credit cards to issue.
“It is a very expensive proposition for the bank to re-issue cards,” said Fred Green, South Carolina Banking Association president and CEO. “Depending on the time in which they do it and the way they deliver those new cards to their clients, it could be as high as $50 per card.”
The association represents banks with 99.9 percent of the bank deposits on file in the state.
“It’s a very expensive proposition and those banks that have chosen to re-issue have done it so that they reduce the risk of their clients’ credit or debit cards being used as an instrument of a fraudulent transaction,” Green said.