The data security breach at Home Depot will be costly for Arkansas-based banks, the president of the Arkansas Bankers Association said Monday.
Information from the debit and credit cards of Home Depot customers has popped up on black markets and, by one estimate, could be used to make $3 billion in illegal purchases, The New York Times reported. Home Depot confirmed the breach last week, saying the theft of data included 56 million customer accounts.
It's difficult to estimate how much it will cost banks whose customers had used their debit or credit cards at Home Depot, said Bill Holmes, president of the Arkansas Bankers Association.
"That is strictly dependent on each bank," Holmes said. "But our banks all learned in the Target breach to be proactive. They have the system available to go in and see [which customers have been compromised]."
Banks with assets under $50 billion must bear the costs of the fraudulent charges against a customer's card, Holmes said, citing a report by the American Bankers Association. In the security breach at Target earlier in the year, the average fraud loss per card was $331, the report said.
The five largest banks in the country, which issue up to 90 percent of the country's cards, have contracts with the credit and debit card companies to be reimbursed for security breach charges, according to the national association's report, Holmes said.
"But none of the [smaller] community banks will ever see a penny from [the Target breach]," Holmes said.
The cost of reissuing a card to a customer whose card was compromised in a breach is about $9.70, which includes the card stock and staff and mailing costs, the report said. The cost for larger banks is less, Holmes said.
On Wednesday, Bank of the Ozarks made the decision to cancel all cards it knew to have been affected by the Home Depot breach, Susan Blair, a spokesman for the bank, said in an emailed statement.
In conjunction with the cancellation, Little Rock-based Bank of the Ozarks mobilized a team of branch personnel to notify all affected customers immediately by phone, in addition to sending a letter to those customers, Blair said.
"We have subsequently replaced a large percentage of the cancelled cards with new cards issued on-site through our network of 165 offices, and all other customers have been mailed replacement cards," Blair said.
Arvest Bank, the largest bank based in Arkansas with more than $14 billion in assets, has not taken any action with its debit cards in connection with the Home Depot breach, a company spokesman said.
"Arvest Bank is continuing to monitor the situation and will evaluate any card replacement that may be needed," Jason Kincy, an Arvest spokesman, said in an email. "When replacing cards in a situation such as this, we generally will not cancel the cards until the new card arrives in the mailbox."
Conway-based Centennial Bank is reissuing cards to its customers whose cards were compromised in the Home Depot breach, said Eric King, a spokesman for the bank.
He didn't know how many were affected but it is much less than in the Target breach earlier this year, King said.
"We will not cut off the old card until they receive the new one," King said.
Pine Bluff-based Simmons First National Bank immediately ordered replacement debit and credit cards for customers who used their cards at Home Depot during the period of the breach, David Bush, a senior vice president with Simmons' bank card division, said in an email.
"It will take time for the investigation to reveal exactly how many customers may have been affected," Bush said. "However, we feel that it is in our customers' best interest and the best interest of the bank for us to take prompt, proactive action."
Business on 09/23/2014