RAPID DEBIT CARD REISSUES REDUCE EXPOSURE

AVON, Conn — APR 7, 2004 — The news was not good: Debit card information had been stolen from a national merchant. The response was not easy to swallow: reissue thousands of debit cards. But the result was worth the effort: these compromised debit cards would have a much smaller impact on banks that quickly reissued their cards and denied transactions processed against the old cards.

“Our processing partners did an outstanding job of helping us mitigate potential losses to the bank and its customers,” said Susan L. DeFeo, Senior Vice President, of Retail Banking and Operations for $796M Woronoco Savings Bank in Westfield, Mass. “A full week after the breach was announced, many banks still didn’t know what they were dealing with.”

The situation came to light in early March when banks began to receive long lists of compromised cards from Visa and MasterCard. On March 11, banks throughout the region received reports of hundreds of compromised cards. Woronoco was hit with 2031 cards. Easthampton Savings Bank in Easthampton, Mass. received word on 1014 cards. Savings Institute in Willimantic, Conn. was alerted to 3023 cards. One day later, BJ’s Wholesale Club of Natick, Mass. announced that some of its debit card information had been compromised.

“It’s hard for a bank to take a hit like this,” said Traci Pollock, Operations Officer for the $512M Savings Institute. “We didn’t want to take the chance that we or our customers were going to incur liability for this incident.”

As a result, many banks decided to replace the compromised cards and to designate the old plastic as “hot cards.”

“This was not a small step, but it was certainly the most effective way for a bank to reduce its risk from compromised debit cards,” said Mark Shaw, First Vice President — Customer Service at COCC, a data processing service that specializes in community banks and credit unions.

As the data processor for Woronoco Savings Bank, Easthampton Savings Bank, and The Savings Institute, COCC was instrumental in creating information needed to reissue the banks’ compromised cards and to change the status of the old cards so that all transactions would be denied.

Shaw reported that 36 of COCC’s bank and credit union clients provided lists of compromised cards for reissue and/or status change. COCC then extracted the card records, assigned a new card number to each one, built new records in both the core accounting and electronic banking systems, and produced a file for each bank’s debit card production vendor.

“Given the number of cards we needed to produce in a very short time frame, we were very pleased to turn the work around as quickly as we did,” said Shaw. “This was an extraordinary effort by COCC staff.”

Staffers at COCC worked around the clock to produce 27,000 card records within three days of the banks’ requests. Lynn Starr, Vice President and Systems Officer for $583M Easthampton Savings Bank, said the reissue effort “helped us quickly gain a handle on a serious situation. We added an element of complexity to the job by requesting lower purchase limits on each compromised card. COCC came through.”

The Savings Institute’s Operations Officer, Traci Pollock, said, “we could never have gotten the cards reissued as quickly without COCC. We submitted our reissue file on Monday, and our customers had new cards in their hands by the following Wednesday. We were extremely pleased.”

A significant part of the reissue effort involved communicating with customers. COCC helped the banks distribute letters explaining the situation, worked with the banks to coordinate the arrival of the letter and new card, and then to deny service to the compromised old card.

Woronoco Savings Bank chose to delete the records for its 2,031 compromised debit cards. “The rapid turnaround on this effort and the interim ability to stop foreign activity on these cards was excellent,” said DeFeo.