Fraud concerns lead to reissue of debit cards in Michigan

Computerworld - The number of banks and credit unions concerned about a security breach at Wesco Inc., a Muskegon, Mich.-based convenience store chain, is growing.

Fifth Third Bancorp today confirmed that it is reissuing debit cards to a "limited number" of customers in Michigan because of fraud concerns. Letters to the affected customers started going out on Tuesday.

A spokeswoman for the bank said the move was precautionary, not a response to any actual cases of fraud.

"We were notified by MasterCard of a number of cards being potentially compromised" by a security breach at a retailer, said Stephanie Honan, a spokeswoman for the Cincinnati-based bank, which manages over $105 billion in assets. "We put those cards through our monitoring system, and we felt that we should reissue them. We were not forced to reissue them" because of any actual fraud, she said.

Honan refused to disclose how many cards were being blocked and reissued, though a local media report pegged the number in the "thousands."

As is usually the case, MasterCard Inc. did not disclose the name or the location of the retailer where the breach occurred, so it is not possible to confirm whether the compromise was related to the Wesco breach, Honan said. "The timing may make it seem that way, but we were not told," she said.

A spokesman for MasterCard confirmed that the company is investigating a potential security breach involving a Michigan retailer. MasterCard has notified the affected banks to watch for any suspicious account activity "and to take the necessary steps to protect cardholders," the spokesman said in an e-mailed statement.

"MasterCard is concerned whenever cardholders are inconvenienced, and we will continue to monitor this event," the statement said.

Fifth Third is among several banks and credit unions in the Muskegon area that have been forced to block and reissue credit and debit cards because of fraud concerns that appear to be related to a breach at Wesco that occurred between July 25 and Sept. 7. A statement posted on Wesco's Web site said the company is investigating the possibility of credit card fraud associated with card use at its stores. Both the U.S. Secret Service and the U.S. attorney's office are investigating the breach, Wesco said.

Wesco itself has not offered any explanations as to how the breach may have occurred. But very often such data compromises involve security breaches at point-of-sale (POS) systems, said Avivah Litan, an analyst at Stamford, Conn.-based Gartner Inc.

"Four out of five data breaches are happening at the point-of-sale system," Litan said. Especially vulnerable to such breaches are systems at convenience and grocery stores, as well as gas stations, she said.