It’s a given today that technology has enabled sophisticated thieves to pull off heists they never could have before, but fortunately banks can deploy equally sophisticated technology to mitigate their losses and protect customers.
The $462 million StonehamBank was just one of many community banks to deal with the fallout from the holiday shopping season data breach at mega-retailer Target when it learned that 900 of its customers’ cards, about 10 percent of its total card base, were compromised in the attack.
"The Target compromise was unique in the time period in which it happened. It was Nov. 24 through Dec. 15," said Rule Loving, assistant vice president of operations at StonehamBank. "Usually when we get these compromises, they’ve been happening for a year and a half, or two years. Once they discover the compromise, often the hackers have been in there for a long period of time … But Target was really pretty unique because the vast majority of cards were still active. Very few had been used in this compromise."
Loving said the bank used the software program FoxtrotOne to automate its recovery process and minimize losses from the breach.
Once the bank received a list of the 900 potentially compromised cards, Loving said, it cross-referenced that with its data warehouse to see which were still active and then entered two scripts into Foxtrot. The first script ordered the reissuing of compromised cards, and the second put user codes and other identifying information on the card in the greater system so that users looking in the system could identify whether a particular card had been compromised.
The bank sent letters and then emails to those customers whose cards had been potentially compromised. He said the bank also shut off signature transactions for potentially compromised cards but left PIN transactions intact, so customers could still use their cards.
The Target data breach is hardly the first time the bank used this regimen. StonehamBank has been refining and using this process since the infamous TJMaxx breach seven years ago, but given the circumstances, Loving is pleased with how the bank was able to handle it.
"In about six hours, we had all 900 cards reissued and ready to go and we didn’t have to bring in 20 people to do it," he said. "It’s just a question of how quickly and efficiently can you implement your process."
