The Inland Northwest region’s largest instance of credit card fraud in years has impacted Idaho County financial institutions, which are advising patrons to check their transaction statements for unusual purchases and to report them immediately.
“This is the largest case of fraud we’ve had on debit cards,” said Dan Goehring, CEO for the Grangeville branch of Pine Tree Credit Union, “sophisticatedly organized,” and planned out very well.
As of last Thursday, Goehring said they’ve had about 75 cases they attribute to the data breach suspected to have occurred with Spokane-based grocery wholesaler, URM Stores Inc. He said they started noticing an uptick in the number of fraud transactions roughly two weeks ago, which have occurred in other countries and domestically as far as Florida and Maine.
It is a “significant amount,” he said, for the credit union, with the fraud transaction amount range in these cases from a low of $50 to as high as $1,500.
Usually the credit union has some minor fraud reported, in single instances, he said, and they have the chargeback opportunity to recover the amount. However, as these frauds are signature-based transactions – using cards manufactured with stolen data — that recovery option isn’t available. And though the credit union wasn’t responsible for the data breach, he said, it will be taking the brunt of it.
“Members are being reimbursed,” Goehring said. Regulations provide protections for consumers if those fraudulent charges are promptly reported to the card issuer. “But unfortunately we’ve already taken that hit as a credit union.”
This regional fraud wave is under criminal investigation by the U.S. Secret Service, which has been receiving reports from banks and credit unions throughout its Spokane region for more than three weeks. According to media reports, it is the largest regional outbreak of credit card fraud in nine years.
URM has an ongoing internal investigation of its data systems to determine whether there has been any unauthorized disclosure of payment card information, according to a press release from its CEO, Ray Sprinkle.
“At this time, we cannot confirm any unauthorized disclosures,” he stated.
URM services 160 independent grocery retailers throughout the Northwest, which locally includes Harvest Foods stores in Grangeville, Kooskia and Kamiah; Riener’s Grocery in Cottonwood, Elk City General Store, and Food City in Riggins.
As part of URM’s service, it provides its retailers access to a computer network for processing debit and credit card transactions. Recently, URM learned some member-owned locations have been identified as Common Points of Purchase (CPP), a notification alerting a merchant that a card number used at his or her store was subsequently used in a fraudulent transaction.
“A store’s classification as a CPP does not mean that its data systems have been compromised,” clarified Sprinkle.
Last week, Grangeville branch manager for US Bank, Beth Boehmke, said their office was receiving six to 10 reports a day from customers reporting fraud issues, which picked up significantly from the one to two being made daily the week prior. They were seeing fraudulent purchase attempts in both foreign and U.S. locations.
“Lots of pharmacies, unfortunately,” she said, noting, for example, one $300 purchase made at a drug store in California.
“US Bank has a very, very good fraud department,” Boehmke said, that in such a fraud event contacts customers that their card has been compromised and sends them a new one. “Even if the transaction is posted, they will get their money back.”
Adding to this, tellers the Free Press talked with last week advised customers to make sure their contact information – telephone and mailing addresses – was correct with their bank and card company for prompt notification in the event of fraud. And for those still wary after receiving a notification call, they can always call their local bank branch for confirmation.
At this point, both URM and financial institutions are advising individuals to review and monitor bank and credit card statements for unauthorized transactions and report these to their banks and/or credit card companies.
“Our fraud department really looks out for our customers,” Boehmke said. “But it doesn’t hurt to check your online banking – what’s coming in, what’s going out – on a regular basis.”
“They need to watch their statements right now; they really shouldn’t wait for it to come in the mail,” Goehring said. “They need to check it online, if possible. If not, either call us or come in and we’ll check to validate that they’ve had no fraud.”
When or if this fraud will run its course is unknown. For Pine Tree, Goehring said their only recourse may be to reissue every member a debit card with a new number.
“It may come to that,” he said, “but it would be fairly labor intensive.” Meanwhile, Pine Tree is handling fraud reports on a case-by-case basis.