UI credit union cancels cards after Schnucks breach

CHAMPAIGN — Some holders of debit cards issued by the University of Illinois Employees Credit Union were caught by surprise last week when the credit union canceled the cards without prior notice.

The credit union took the action Thursday after it learned those card holders' information had been compromised as the result of a security breach at Schnucks supermarkets.

Greg Anderson, senior vice president of the credit union, said about 3,400 debit cards and about 1,400 credit cards held by credit union members had been compromised as a result of the Schnucks breach.

The credit union was one of many financial institutions scrambling to contain fraud once the security breach became apparent.

At the UI credit union, new credit cards were ordered April 23 for affected customers. Those customers could continue to use their old cards until they received new ones, Anderson said.

But debit-card holders couldn't use their cards after the credit union moved to block those Thursday.

Anderson said the credit union sent emails to customers informing them of the action, in cases where email addresses were available for customers.

In cases where no email addresses were available, phone calls were placed. But in about 100 of those cases, the phone numbers listed were no longer valid.

Anderson said the credit union canceled the debit cards after a "tsunami" of fraud reports came in last week.

"The activity really accelerated once it was reported by Schnucks on April 15," he said.

Anderson said the credit union tried to accommodate debit-card customers through other means, waiving the fee on Visa travel cards that would enable people to get cash. The credit union also participated in "share branching" with credit unions elsewhere so people could get cash at other locations.

Not all holders of debit and credit cards issued by the credit union were affected, Anderson said. It turned out only about one of every four UI Employees Credit Union cardholders had used their cards at Schnucks in the December-to-March period in which information was compromised.

Anderson said if circumstances similar to last week's were to occur, he would try to communicate earlier with customers — letting them know the credit union was investigating the circumstances and there might be cause for the credit union to block the cards.

"We apologize for the impact on people," he said, adding the credit union had received both support and complaints from members.

The number of cases of fraud being reported at the credit union has slowed down this week, Anderson said.

"We think we've stopped the leak," he said. "Monday and Tuesday, it was very much back to normal."

Anderson said the cost of the fraud "falls on the financial institution," not the merchant, the processor or the cardholder.

The credit union is still gathering information on how much the fraud cost it, but Anderson estimated it in the "tens of thousands" of dollars.

Any chances for recovery through the courts is likely to be only "fractional," he added.

Anderson said it's not the largest card-fraud case the credit union has encountered. That distinction goes to a 2008 case in which information on cards processed by Heartland Payment Systems was compromised.

Sections (2):News, Local
Topics (1):Banking

Comments

News-Gazette.com embraces discussion of both community and world issues. We welcome you to contribute your ideas, opinions and comments, but we ask that you avoid personal attacks, vulgarity and hate speech. We reserve the right to remove any comment at our discretion, and we will block repeat offenders' accounts. To post comments, you must first be a registered user, and your username will appear with any comment you post. Happy posting.

Login or register to post comments

amf wrote on May 01, 2013 at 8:05 am

Our debit cards were affected.  This was a minor inconvenience.  We got the email Wednesday night and by coffee time Thursday morning, the cards were deactivated.  We would have appreciated a little more time to get to the bank to withdraw the cash we'd need for the week that we'd be without working cards.  But we keep a small amount of cash available at all times, so it was really fine.

I can appreciate that the bank has to do what it has to do to stem their losses.  A little more notice would have been great, but otherwise I'm thankful for the systems that protect both me and my financial institution from fraud.