Westpac mum on delinquent merchant

Beverley Head
Consumer lending, IT systems, Major Banks, Payments system & regulation, Westpac
Banks blocked or replaced thousands of customer credit cards late last week, after a merchant security breach identified late last week compromised the accounts of many customers.

An unidentified merchant using Westpac as its acquiring bank is the source of the strife. The merchant appears to be a client of the bank's St George division.

The method used - possibly some form of skimming - is also unclear.

The problem with the bank's cone of silence regarding exactly what was compromised is that customers are left in the dark about which merchants may have security problems. This leaves them entirely dependent on their bank's fraud monitoring systems for protection.

Those fraud systems seem to have worked well in this instance, and the banks were at pains to stress that customers would not be liable for any fraudulent use of their cards associated with the security breach.

The episode highlights the divergent approaches of banks in responding to the risks of loss from the misuse of cardholder data and what the bank or merchant will wear.

Commonwealth Bank alerted 8000 of its customers, via SMS, email and letter, of the potential card breach and is now replacing these cards as a matter of priority.

A spokesman for Westpac said it had bulk-blocked a number of customer cards if these customers were deemed to be at risk.

ANZ said that it was monitoring the situation carefully and that while there may have been some restrictions imposed on the locations where customers could use their cards over the last couple of days there had been no large-scale card cancellations.

NAB said it had cancelled "a small number of cards" and noted in a statement that "we do not need to cancel all cards deemed 'at risk'" since the risk management system "alerts NAB's fraud team to suspicious activity on customers' accounts within seconds and in many cases allows us to automatically decline fraudulent transactions."

The breach at the Westpac merchant is the latest in a long line of technology-related issues that the banks and credit card users have faced in recent months, most notably the Sony security breach, which compromised the credit card details of customers internationally. While cancelling and reissuing a credit card protects a user from the immediate security problem it also forces customers to update direct debit details, and, for customers travelling overseas, this can represent a major inconvenience.

Home Search Print Top

More from this Edition