Card Reissued Because Of A Breach? Good Luck Finding Out Where The Hack Happened

Image courtesy of frankieleon)

When a massive data breach happens at a retailer like Target or Home Depot, there’s little mystery as to why your bank is rushing you a new credit or debit card. But when your card is being replaced because of a lower-profile cybercrime, the odds are against you ever finding out why. 

Instead, you’re more likely to go to your mailbox and find a vague explanation that your account may have been “compromised” without any details on how, where, or why.

Those were the questions posed to the Cleveland Plain Dealer’s Money Matters column recently by a reader who was notified by AAA Financial Services, through Bank of America, that their AAA Member Rewards Visa card was compromised at a retailer and that a new card would be issued.

“So, I thought to protect myself, I would try to find out where the data compromise took place,” the reader says. “But, after trying to talk twice to Bank of America and also Visa, I’ve been told that no one has this information.”

While it’s not true that no one has information on the breach — the card associations for Visa, American Express, Discover, and MasterCard know — the Plain Dealer reports there’s a reason no one is providing specific information on the breach to customers: confidentially agreements.

These agreements, which are typical between credit card issuers, banks, and other companies, prohibit the disclosure of when and to whom a data breach has occurred.

But even without these agreements, the chances you’d be able to find out what previously visited merchant was breached is virtually zero.

Krebs on Security, which covers data breaches and fraud of all kinds, notes most banks don’t even know who’s been hacked. Instead, they issue new cards based on a list of compromised account numbers provided by the card association.

So instead of beginning a “fruitless” search for what company you visited was breached, Krebs suggests customers “keep a close eye on their card statements and report any fraud” to their banks.

When your credit card is reissued because of a data breach, why won’t your bank tell you where the breach happened?: Money Matters [The Plain Dealer]
How Was Your Credit Card Stolen? [Krebs on Security]