T&T banks on alert after credit card security breach

[Erica Absetz <eabsetz () opensecurityfoundation org>]

(Trinidad Guardian) Commercial banks across T&T have been put on alert
after a security breach which has put large numbers of Visa and
MasterCard debit and credit cards across the Caribbean at risk. The
breach came to light after a nationwide credit-card recall across
banks in the Bahamas in late February.

Financial institutions there were on high alert as they scrambled to
protect the funds of thousands of consumers whose credit cards were
compromised by a major data breach. As a result, banks in the Bahamas
had to reissue thousands of cards.

The Caribbean Association of Banks (CAB) issued a security alert
yesterday, saying banks and other financial institutions had been
affected by the breach at a data centre in Barbados, where sensitive
information on the accounts of thousands of cardholders was stolen.

CAB advised cardholders that “out of an abundance of caution” banks
and credit unions might be contacting customers to have their cards
replaced. It stressed that those measures were precautionary as no
fraud had yet been detected.

“Our member banks and other financial institutions throughout the
region take client confidentiality and security very seriously and
provide assurance that customer interest remains soundly protected,”
CAB said in a statement.

The association added those measures were precautionary and no fraud
had been attributed to this case. The CAB has members in 17 Caribbean
countries, including T&T. Regional media reports said the unnamed
international card-processing facility in Barbados had been hacked
last month.

The Antigua Observer reported last week that four local financial
institutions had been affected by the security breach, though no cases
of fraud had been reported. They were Eastern Caribbean Amalgamated
Bank, Antigua & Barbuda Investment Bank, HSBC and Caribbean Union
Bank.

An Observer story quoted Jessel Gadsby, general manager of the St
Kitts-based Caribbean Credit Card Corporation, as saying: “I believe
it is nearly all of the banks in the Caribbean, certainly all of the
banks in the Eastern Caribbean have been impacted by it.”

In the Bahamas, Anwer Sunderji, CEO of Fidelity Bank, was reported as
saying: “All Bahamian banks had their card data compromised. This
theft took place elsewhere and we were notified by Visa on Friday.”

Paul McWeeney, the managing director at Bank of the Bahamas, said
credit-card companies and the Central Bank had called financial
institutions to warn them of the breach. His bank was replacing at
least 2,000 credit cards and Commonwealth Bank Ltd said it might have
to reissue up to 5,000.

A Dominican Web site published a statement issued by the National Bank
of Dominica (NBD) to assure customers it was taking steps to prevent
their accounts from being affected by the security breach. The
statement said: “The breach affected multiple banks around the region,
including NBD. The information provided from our card processor
indicated a number of our cardholders were potentially compromised as
a result of the breach. “In an effort to protect our customers from
potential fraudulent attempts, we took immediate action to block the
affected cards and reissue new cards.”
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.