Immediate access to new debit cards is one of the new consumer-friendly developments to emerge, providing quick relief for many after the enormous theft of debit card numbers this month from retailer Target.
“Yes, it is a relatively new development, coming out in the past couple of years,” said Greg McBride, a senior analyst at Florida-based Bankrate, a consumer-finance publishing and research firm.
Real-time card replacement at a branch is much more convenient than the previous state of the art: the week to 10 days via telephone and postal mail, with new card and new PIN delivered via separate mailings at least a day apart.
Further motivating instant card replacement was the security breach at Minneapolis-based Target, operator of about 1,900 mass merchandise stores, including 14 in Nebraska. Target acknowledged last week that cybercriminals stole as many as 40 million debit and credit card numbers used in stores from Nov. 27 through Dec. 15.
McBride said card-issuing banks are offering services such as instant replacement and round-the-clock fraud monitoring out of self-interest: They want people to use their debit cards with confidence.
“They don't want any hesitation,” McBride said. “And the reality is, criminal fraud is not unique to the financial sector or the online sector. It is present in daily life.”
The Target debacle is the largest U.S. financial-data lapse since 2007, when TJX Cos., operator of T.J. Maxx, Marshalls and HomeGoods stores, said 90 million debit and credit accounts had been compromised.
It has been much easier for people wanting to replace their cards this time around.
At SAC Federal Credit Union, the largest credit union in Nebraska, customers can get a replacement debit card lickety-split at any of the 20 or so branches. SAC Federal has equipped all of them with the proper machinery, said Vice President of Operations Robin Larsen.
“We are bearing the cost of the new cards and the overtime associated with it — we have had lines out the door,” Larsen said. “Financial institutions also eat the cost of the fraud.”
In most cases, customers bear no responsibility to pay for fraudulent transactions. “If the customer has not authorized the transaction, in most cases they would assume zero liability,” said Christine Wendlandt, vice president at Lincoln-based Pinnacle Bank.
Wendlandt said her bank and most large ones have a constant behind-the-scenes robot ticking away 24/7 on fraud. At Pinnacle, the fraud detection software evaluates customer purchase histories and fraud patterns to identify “uncharacteristic activity.”
That can be triggered by purchases that are outside of the geographical area of those made routinely, or for higher-than-normal amounts, or for goods or services that don't fit the card owner's history, Wendlandt said.
“If fraud is suspected, customers are notified,” Wendlandt said. “If they are going to travel or conduct an unusual transaction, it is suggested they contact us ahead of time.”
At Pinnacle, there are no additional fraud-monitoring services behind the curtains; some banks are offering such protections for an additional fee or for customers with high balances.
“I know that some banks do, but it's something we have chosen not to charge our customers for,” Wendlandt said.
As for monitoring services that charge a fee for fraud and credit-score alerting, opinion is divided. The services can cost as much as $180 a year. Some experts say it is only worth it if a consumer has reason to believe identity information such as a Social Security number or driver's license number is already circulating on the Internet. Others say a service that surveys all three major credit-scoring companies is the best way to be alerted of an identity thief opening unauthorized credit accounts.
Target plans to offer free credit monitoring to all affected customers, the company said. Target also offers the option of automatic alerts whenever a customer's Target REDcard is used.
News about the security breach is still developing. Friday, Target said customer PINs associated with the purloined card numbers were also stolen as part of the heist; they were removed in their encrypted state, Target said, and the key to unlock them remains secure in the separate computer servers of the retailer's payment processor.
Target officials also have told customers that the retailer has shared the information on affected credit and debit card information with the processors, which in turn have shared with issuing banks. Still, officials asked consumers to closely monitor their statements for suspicious activity.
Card-issuing banks are following developments closely.
“Any debit card and credit card accounts that were identified as potentially compromised following the recent Target breach are being closely monitored by First National Bank for any suspicious activity,” said Kevin Langin, spokesman for First National Bank of Omaha, the largest bank based in Nebraska.
First National of Omaha offers instant replacement debit cards at six branches. They are 12th and Howard Streets, 132nd Street and West Center Road and 84th and Frederick Streets in Omaha; 72nd Street and Highway 370 in Papillion; Interstate 29 and Highway 92 in Council Bluffs; and 84th and Holdrege Streets in Lincoln.
Consumer finance analyst McBride, of Bankrate, said fiascoes such as Target's motivate predictable amounts of hue-and-cry. He said frustration and anger are understandable, to a limit.
“In most cases, the consumer pays nothing in these types of crimes,” he said. “It's not the same with cash or valuables. If you lose cash, no one is on the hook but you.”