Over the past year, there has been an increase in online financial crime directed toward
businesses utilizing online banking services. Criminals are hacking into company PCs,
accessing online credentials to conduct transactions and walking away with thousands of
dollars.
In this case, the perpetrator gained access to a PC that had a lapse in its antivirus
software coverage. The PC was then infected with malware (malicious software) known as a
Trojan Horse. With the malware, the hacker was able to obtain the customer’s Internet
banking login IDs and passwords, along with details on a recently submitted ACH file.
Posing as a bank employee, the perpetrator called the customer and indicated that the
bank conducts periodic audits needed to confirm a recent ACH transaction. The
perpetrator then asked the customer for the single-use password that appeared on their
security token. The customer complied with the request and the hackers then had all the
information needed to immediately originate an ACH file with multiple payments to
various accounts outside of the bank. The loss to the customer could be significant.
At INTRUST Bank, one of our most important jobs is to ensure that electronic communications
between you, our customer, and the Bank are handled in a safe and secure manner. Our online
banking services, including our ACH and wire transfer modules, were designed with multiple
layers of security to protect you and your bank information. Even with our extensive
security, we strongly encourage our customers to be as vigilant as possible when banking
online. Below are some important tips that we encourage you to follow:
ACH fraud is now becoming as prevalent as check fraud has been. Below are additional procedural
steps INTRUST Bank can assist you in taking to protect your accounts from both ACH and check fraud:
INTRUST Bank will soon be providing an educational opportunity on this matter and hope that you
consider taking advantage of it. If you have technical questions about your online banking program,
please contact Treasury Services at 316-383-1494 or 800-905-6630. If you have questions or would like
to visit about the protection programs available, please contact Treasury Management at 316-383-1255
or 800-895-2265.
Earlier this year, Heartland Payment Systems, Inc., a Princeton, NJ-based payment
processor, announced a security breach that exposed account information. This breach
may have placed INTRUST credit card holders at risk for fraud.
Because INTRUST takes every precaution to protect your account information, prior
to renewal time we are reissuing credit cards that were put at risk. If your card
was impacted, you will be notified by letter. Your new credit card(s) should arrive
within 10-14 business days from the date of the letter.
To protect yourself, you should always monitor your monthly statements to ensure
transaction information matches your records. If you have OnLine Banking, you can
monitor your account on a daily basis at
intrustbank.com.
If suspicious activity is detected, notify us immediately. Also, remember Visa’s
Zero Liability Policy protects you against any unauthorized purchases. Visit
visa.com/security for more information.
For additional information or to discuss your account, please call us at 316-383-1680
or 800-828-9101, Monday through Friday, 8:00 a.m. to 6:00 p.m. (CST).
Q & A
Why did I receive a letter advising me that my credit card is being renewed early?
Heartland Payment Systems, a Princeton, NJ-based payment processor, announced a
security breach earlier this year that revealed certain account information. We
were notified by VISA that some of your credit card information may have been exposed,
which is why we are proactively reissuing your credit card prior to your renewal
time.
What information was exposed?
Card numbers, expiration dates and CVV numbers. Personal information such as Social
Security numbers, addresses and telephone numbers were not involved in the incident.
How could this have happened?
When your card number is used to make a purchase, the information is transmitted
through multiple payment systems. A hacker may have gained access to your card information
through one of those entities in the payment network, including Heartland.
If card numbers were exposed why am I not receiving a new credit card number?
Card numbers alone are not enough for fraud to occur. In order to minimize the impact
to our customers, reissuing your credit card prior to your renewal time is the best
and most secure option. You will receive a new card with the same number, but your
expiration date and other security information contained in the mag stripe will
be different.
Please be assured we are monitoring the activity on your account to
protect you from fraud. Please continue to monitor your account activity and contact
us if you notice any unauthorized purchases. It’s also important to note
that in the rare event fraud does occur, as a Visa cardholder you are protected
with Visa’s Zero Liability* policy, which means you pay nothing for unauthorized
purchases on your account.
Why did you wait so long to reissue my card?
To avoid as much inconvenience or disruption to you as possible, INTRUST took time
to understand the risk and review all options before making a decision that would
impact customers. At this point, the accounts affected are actively being targeted
for fraud and it has become necessary to renew these accounts early.
I have authorized users on my account. Will their cards be renewed early too?
All owners and authorized users on affected accounts will have their cards renewed
early. If you share your account with another owner, your cards will come together.
Authorized users will receive their card separately.
I recently noticed fraud on my account. Is this fraud related to the recent incident?
It is unclear whether this fraud is related to the incident in question. It is important
to know that regardless of where the fraud occurred, you are protected by Visa’s
Zero Liability* policy and will not be liable for any unauthorized purchases.
Has the security breach been fixed?
Yes. The affected party continues to work with Visa and law enforcement to ensure
no further information is exposed.
Since my expiration date will be changing, do I need to notify any merchants I use
for automatic bill pay?
Yes. If you have charges that automatically bill to your credit card on a regular
basis, you must notify the provider that your expiration date has changed. This
will ensure your services are not cancelled or interrupted.
Will my Personal Identification Number (PIN) change?
The PIN will remain the same, if one was selected.
The letter states I should be receiving my renewal card(s) in 10-14 business days.
What if I don’t receive it within this timeframe?
If you have not received your new card within 15 business days from the date of
the letter, please call 800-828-9101 or 316-383-1680, Monday through Friday, 8:00
a.m. to 6:00 p.m. CT to speak to a customer service rep.
The numbers listed above are not the numbers I normally call with questions. Are
these valid numbers?
A special local and toll free number has been created to assist with this situation,
which is why they are different than the normal numbers you call for customer service
related questions.
I am enrolled in Rewards. Will my points be impacted?
No. Because your credit card number will remain the same, your reward points will
not be affected.
What are the chances that I become a victim of identity theft as a result of this
incident?
It is important to know there wasn’t significant personally identifying information
stolen, such as Social Security numbers or addresses, so we believe the risk of
identity theft is greatly reduced. However, it’s always a good idea to check your
credit report regularly for incorrect information. In fact, you’re entitled to one
free copy of your credit report every year at
annualcreditreport.com or by calling 877-322–8228.
If I become a victim of identity theft, how will you help to restore my good name?
In the unlikely event you become a victim of identity theft, Visa works with the
consumer network group, "Call for Action," to provide consumers with a toll-free
telephone hotline to assist identity theft victims. By calling (866)ID-Hotline,
victims can receive free and confidential assistance from trained counselors.
What are you doing to protect my personal account information, especially in this
case?
In partnership with Visa, INTRUST offers consumers multiple layers of security protection
against fraud, including Visa’s Zero Liability* policy, the ultimate protection
for cardholders. With Zero Liability, consumers are not responsible for any unauthorized
purchases made on their Visa cards.
What can I do to ensure this doesn’t happen to me again?
While we employ the latest systems and technology to monitor and prevent card fraud,
and many processors and merchants also take the necessary precautions to protect
your card information, there are some practical steps you can take to help protect
yourself:
- Check your account statement promptly and immediately report any transactions that
you don’t recognize.
- Destroy all receipts before discarding them since some of them may have your card
number printed on it.
- Guard your card — don’t use it as collateral or give out your card number to someone
on the phone, unless you initiated the call for a purchase.
- Check your credit report at least annually to ensure its accuracy.
- Register your card to use Verified by Visa and shop online with merchants that participate
in the Verified by Visa service. This provides additional protection against unauthorized
use of your card online.
Are there any other tips you can provide to reduce my chances of card fraud?
Yes. There are several actions you can take to protect your personal information.
These tips are also available at
visa.com.
DO...
- Shred all personal and financial information — such as bills, bank statements, ATM
receipts and credit card offers — before you throw it away.
- Keep your personal documentation (e.g., birth certificate, Social Security card,
etc.) and your bank and credit card records in a secure place.
- Call the post office immediately if you are not receiving your mail. To get the
personal information needed to use your identity, a thief can forge your signature
and have your mail forwarded.
- Be aware of your surroundings when entering your Personal Identification Number
(PIN) at an ATM.
- Limit the number of credit cards and other personal information that you carry in
your wallet or purse.
- Report lost or stolen credit cards immediately.
- Review and consider whether you need currently inactive card accounts. Even when
not being used, these accounts appear on your credit report, which is accessible
to thieves. If you have applied for a credit card and have not received the card
in a timely manner, immediately notify the appropriate financial institution.
- Closely monitor the expiration dates on your credit cards. Contact the credit issuer
if the replacement card is not received prior to your credit card's expiration date.
- Sign all new credit cards upon receipt.
- Review your credit reports annually.
- Match your credit card receipts against monthly bills to make sure there are no
unauthorized charges.
DON'T...
- Volunteer any personal information when you use your credit card.
- Give your Social Security number, credit card number or any bank account details
over the phone unless you have initiated the call and know that the business that
you are dealing with is reputable.
- Leave receipts at ATMs, bank counters or unattended gasoline pumps.
- Leave envelopes containing your credit card payments or checks in your home mailbox
for postal carrier pickup.
- Record your Social Security number or passwords on paper and store them in your
wallet or purse. Memorize your numbers and/or passwords.
- Disclose bank account numbers, credit card account numbers or other personal financial
data on any Web site or online service location, unless you receive a secured authentication
key from your provider.
*Visa’s Zero Liability policy covers U.S.-issued cards only and does not apply to
commercial credit cards, ATM transactions or PIN transactions not processed by Visa.
Cardholders must notify card issuers promptly of any unauthorized use. Consult issuer
for additional details or visit
visa.com/security.
A text phishing scam is currently circulating. Some INTRUST Bank customers have
reported receiving the fraudulent text messages, in which the offenders are trying
to coerce recipients into disclosing personal account information.
The text message claims that your card has been deactivated and requests that you
call a specific phone number to reactivate your card. Once the phone number is called,
you're prompted, via automated message, to provide your personal account information.
Offenders can use the information you provide to make fraudulent transactions.
If you receive such a text message, do not reply – neither by calling the phone
number nor by providing the information requested by the automated message. If you
already did provide your information, immediately contact the financial institution
of your potentially compromised account.
Remember, a legitimate company, including INTRUST Bank, will never request identifying
information from you via text message, e-mail or phone. This includes your Social
Security Number, account numbers, credit card numbers, PINs and passwords.