ACU : News Archive

December 13, 2005
(Tuscaloosa, Ala.) Alabama Credit Union President Steve Swofford spoke quickly to clarify a Dec. 13 story in The Tuscaloosa News about the debit and credit card breach revealed recently by Sam’s Club, a division of Wal-Mart Stores, Inc. “The story could be read that only members of Alabama Credit Union were affected. Actually, many shoppers who purchased gas at Sam’s Club stations between Sept. 21 and Oct. 2 were victims of a data security breach,” Swofford said.

“Alabama Credit Union acted quickly last week to get word to our 500 members who were affected, although no fraudulent transactions have yet occurred to our members’ accounts. We are aggressively blocking and reissuing the cards – a process made less inconvenient for our members because we have recently installed instant-issue debit card equipment,” said Swofford. “We are certain, in the coming days, more card issuers and financial institutions will be contacting their cardholders to take similar action to prevent fraudulent transactions from occurring. We’re aware of at least one large financial institution in Alabama that has more than 4,000 cards affected, but they have made no public announcement yet.

“Alabama Credit Union issues only VISA cards, but this breach affected MasterCard accounts, as well, and many, many cardholders, card issuers and financial institutions,” Swofford pointed out.

Sam's Club, in an announcement Friday, said the electronic systems and databases used inside its stores and for its Web site are not involved. The data breach came to light when several card issuers received reports from cardholders of fraudulent charges on their statements, according to a press release. An American Banker Online article published Dec. 7 stated that so far, the frauds reportedly affect hundreds of customers and occurred in Illinois, New York, Maryland, California, Spain and Korea.

Approximately 600 Cardholders Who Used Their Visa or MasterCard to Buy Gas are Known to be Impacted

BENTONVILLE, Ark., Dec. 2 /PRNewswire/ -- SAM'S CLUB announced today it is working closely with Visa and MasterCard to investigate credit card fraud affecting cardholders who purchased gas at SAM'S CLUB stations between Sept. 21 and Oct. 2, 2005. SAM'S CLUB stressed that the electronic systems and databases used inside its stores and for http://samsclub.com are not involved.

The investigation began when the credit card issuers reported that some cardholders were reporting fraudulent charges on their statements. It is still in its preliminary stages, with no determination on how the data was improperly obtained. "The primary concern at SAM'S CLUB is the protection of our members," said Executive Vice President Mark Goodman. "We will do everything possible to make sure their private information is protected from unauthorized use or disclosure."

SAM'S CLUB is working with Visa and MasterCard to identify and hold accountable those responsible for the fraud. The company also has notified the U.S. Attorney's Office for the Western District of Arkansas and the United States Secret Service and asked for their assistance in the investigation.

EXTREMELY URGENT MESSAGE
Alabama Credit Union has received notice from VISA that a third-party merchant has recently been the target of an attack by computer hackers. During this breach, hackers obtained detailed debit and credit card information on a very large number of accounts. Unfortunately, 500 debit cards and credit cards issued by Alabama Credit Union were part of the accounts compromised in this incident. Regrettably, this means that it is almost certain these criminals will eventually attempt to duplicate these cards in order to make fraudulent charges using the duplicates.

Please contact Alabama Credit Union immediately to make arrangements to block your card and to get a new one. We can instantly issue a new card to you at our main branch in Tuscaloosa, or at our Huntsville office located on the UAH campus. If you cannot stop by either of these offices, please call us at the numbers below and we can have a new card to you in about 7 to 10 days.

Unfortunately, this breach has occurred during the busiest time of year for shopping. We understand that being without your card may present a difficulty. We will make every effort to accommodate your schedule and seasonal travel plans, and hope to minimize any inconvenience to you. While none of our members have had any fraudulent transactions on their accounts as a result of this incident, we have received information from VISA which indicates that fraudulent transactions are inevitable. Therefore, should we begin to see fraudulent transactions resulting from this breach, we will have no alternative but to immediately block all cards and reissue them. Please contact us as soon as possible so that we can prevent that situation from arising.

Please contact our call center at 205-348-5944 as soon as possible. We will make arrangements to get a new card to you as quickly as possible. If you have not contacted us by January 3, 2006, we will block your card and issue a new one to you by mail.

For more information about this incident, please review the “Frequently Asked Questions” PDF file, and contact our Card Services department at (205) 348-3880 or (888) 817-2002.

BENTONVILLE, Ark. (12/8/05) – Sam's Club says it is working with Visa and MasterCard to investigate credit card fraud affecting debit and credit card holders who purchased gas at Sam's Club stations between Sept. 21 and Oct. 2.

The company, a division of Wal-Mart Stores Inc., in an announcement Friday, said the electronic systems and databases used inside its stores and for its website are not involved.

The data breach came to light when several card issuers received reports from cardholders of fraudulent charges on their statements, according to a press release.

So far, the frauds reportedly affect hundreds of customers and occurred in Illinois, New York, Maryland, California, Spain and Korea (American Banker Dec. 7).

"It is unfortunate that another large merchant's database has been compromised," said Corinne Sherman, Pennsylvania Credit Union Association vice president, card services. "This merchant was again storing both tracks of the magnetic stripe and the potential is present for counterfeit cards to be created."

Sherman advised credit unions to carefully consider their options. "As always, the most expensive option--but the option that provides the most protection--is to block and reissue the affected accounts. Other credit unions may choose not to block the accounts, but to effectively utilize the fraud preventative measures that are already in place, such as neural network monitoring, monitoring daily authorization reports, etc." (Life is a Highway Dec. 7).

Visa reported that any Compromised Account Alerts are to be considered compromised. "As with other data exposure incidents, it is probable that only a smaller subset of the population of potentially exposed data has been taken and will be used to commit fraud."

Recent breaches at B.J.'s Wholesale Co., and card payment processor Card Systems Solutions potentially compromised millions of cards. Those incidents resulted in credit unions reissuing cards for thousands of members.