Bank Watch Security Network spreads alerts on unauthorized transactions in the wake of last year’s cyberattack
The South Carolina Bankers Association has created a statewide network to track fraud transactions of bank accounts compromised by the hacker breach of the S.C. Department of Revenue. The Bank Security Watch Network is a mechanism to share unauthorized transactions – but not personal identification – on any compromised account of the state’s 82 banks and 80 credit unions. In a critical step making the network possible, SCBA got a court order to allow the revenue department to provide each bank with a list of accounts at risk so they can be flagged for heightened screening for unauthorized transactions.
“That was extremely important because without that, each bank wouldn’t know which accounts were compromised and which weren’t,” said Fred Green, SCBA president and CEO.
The action was prompted by the cyberattack of the revenue department that gave hackers access to approximately 3.8 million Social Security numbers, 387,000 credit and debit card numbers, and checking account and bank routing numbers of taxpayers who have filed electronically for direct deposit of state income tax refunds. Information dating to 2008 was stolen.
It is believed to have been the most massive breach of any state’s data, and subsequent inquires by the Legislature have found security of the site wanting.
SCBA Steps into Breach
“At stake are two risks,” said Green. “One is identity theft, and there is very little the banking industry can do to prevent identity theft. That’s why the state has a contract with Experian to monitor those who sign up.
“The second risk is fraudulent transactions on bank accounts, and that is directly associated with the banking industry. There is nobody else out there that can help mitigate that risk.”
Green said the network covers 99 percent of all the state’s bank deposit customers and 100 percent of credit union customers.
An early alert of untoward activity on one account gives all other institutions notice of the characteristics of the unauthorized transaction so they “can keep it from happening in their particular bank if there is something with the same characteristics,” he said.
The network is designed to counter the typical fraudulent modus operandi of hitting thousands of accounts with low-volume dollar amounts at one time. “If each attempt was different and unique, then this particular forum would not be what it is designed for,” Green said.
Each bank and credit union enrolled in the program has received a list of compromised
accounts. Each received a handbook from the SCBA on how to use the information, and a training session is scheduled.
Flagging At-Risk Accounts
“Every bank is different by process, but we suggest that each of those accounts that were compromised that the bank would put a flag on it of some type to identify it as one that was compromised,” Green said.
The SCBA also suggests that each bank set up system so customers can find out from their bank if an account is on the list or not and provide guidance on how to protect their money.
In a small-sample survey of community and large national banks operating in the Upstate, UBJ found the community banks proactively are using the information to inform and assist customers with at-risk accounts.
The two large banks questioned, Wells Fargo and TD Bank, publicly provided only scant details of their customer outreach, saying they are working with the SCBA and have as a priority the protection of the security of accounts.
TD said it would waive charges associated with closing accounts and opening new ones.
Wells Fargo and TD said it is the state’s responsibility to notify customers of compromised accounts. The state is sending out notifications at
the rate of 100,000 per day. Consumers with questions are being directed to the state Department of Consumer Affairs (800-922-1594) or to the Department of Revenue website, sctax.org.
Community Bankers Step Up
At Carolina Alliance in Spartanburg, Palmetto Bank in Greenville and Greenville First in Greenville, bankers said they have either contacted or established ways for customers to find out directly from the bank if an account has been compromised.
“I’ve already sent you a letter telling you what happened,” said John Poole, president and CEO of Carolina Alliance. “We did that immediately when we got the list.”
He said many either came in or called customer service with additional questions and “a handful of people closed their accounts and opened new ones. We don’t encourage that, but if they want to do that, it is an option, and we take care of them.”
The 209 active Carolina Alliance accounts on the list “have been flagged for additional scrutiny,” Poole said.
Art Seaver, CEO of Greenville First and Southern First in the Columbia market, said the bank has been spreading the word and has set up a single point for information.
Palmetto Bank has flagged affected accounts – sorted by name and account number – so “anyone who touches your account,” whether in a branch or a call center, can tell customers their account was flagged, said Trish Springfield, retail banking executive.
Go First to Your Bank
“When you have a problem with your financial information, the first place you should go is your banker and ask them what you should do, how do I protect myself,” she said.
About 30 percent of Palmetto’s 50,000 active checking accounts are on the revenue department’s compromised list, she said.
“Of the active accounts, 96 percent are retail consumers. We did have some personal business accounts, but it was just 4 percent. Obviously, the dollars would be different because they tend to hold larger balances.”
Palmetto also created a multi-department response team to help any customer who “wants some help on the security side.”
Banks are willing to accommodate customers who want to close existing accounts and open new ones. The SCBA says that is an option but cautions of the inconvenience of needing new checks and debit cards and changing automatic deposit and withdrawal payment information.
The SCBA, as well as all banks, say the best protection is for customers to constantly monitor accounts and promptly report questionable activity to their banks.
Fraudsters Await Unguarded
“This is the world we live in,” said Springfield. “People need to be proactive in managing and protecting their information. The South Carolina data breach has raised awareness.”
Green of the SCBA said while there have been no reports of unauthorized transactions to date and it “may not happen ever or may not happen for a long time,” the fraud alert network is for the long haul.
Bankers are mindful that people who commit frauds from illicit access to personal information are patient.
“If it ever happens, it will be later years down the road before it does. I guarantee you the people who were involved in that know that everybody is looking,” said Poole.
“Without question, this will be a multi-year event,” said Springfield. “We recently heard of a client who had been the victim of identity theft. This client … lost her purse three years ago and just now the perpetrators were leveraging that information.”