Advertisement

Business

Business

Lawrence couple victimized by security breach

February 12, 2009

Advertisement

Earlier this week, Chad and Amanda Reasoner found mysterious transactions had removed money from their bank account.

There were four transactions on a Capitol Federal debit card totaling $633, the Lawrence couple found. On Thursday they noticed their account showed another transaction, upping the total to $743. Purchases were for clothes and electronic items, Chad Reasoner said.

“I canceled it (the card) after I saw the first one, but then the others appeared,” he said.

Even more mysteriously, a merchant’s invoice was mailed to Amanda Reasoner, apparently for verification purposes, at the couple’s Lawrence address. It showed the merchandise ordered in one of the transactions was shipped to an address in Fort Worth, Texas. “Somehow they got more than just the card number, they also got my wife’s name and address,” Chad Reasoner said.

The Reasoners are victims of a security breach publicized last month at Heartland Payment Systems in Princeton, N.J. Hackers gained access to credit and debit card information from millions of transactions. Heartland processes the transactions.

Capital Federal sent out letters a few days ago to customers that cards were going to be canceled and new ones issued, Chad Reasoner said.

“We didn’t think anything about it,” he said.

On its Web site, Heartland states it is working with federal law enforcement agencies in investigating the breach. Heartland also states that any fraudulent transactions related to this incident won’t be charged back to the cardholder. Nevertheless, the money is gone, since it involved a debit card instead of a credit card.

Reasoner is contacting the merchants, trying to get the money back. Capital Federal also is working to get the money returned, but it may take a few weeks, Reasoner said. One merchant said it would need a subpoena to return the money, he said. He has also passed on the information about the Fort Worth address to Heartland.

“We’re just working through this,” he said. “I hope this person is leaving a bigger trail than they should.”

Comments

kmat 5 years, 10 months ago

Hmmm. DCB reported this event, which happened more than a couple weeks ago, as soon as it happened and sent letters to those whose info was breached and issued new cards and shut down the old accounts so no one could have this happen to them. Why did Capitol Federal not do this?

Jayson Hawk 5 years, 10 months ago

Capitol Federal did nearly the same, just not as quickly it appears. I received a letter last Sat. Cap Fed should have deactivated the breached cards immediately instead of allowing the use of the cards until a replacement was received. I had them canceled the card as soon as I received the letter.

Bobo Fleming 5 years, 10 months ago

I was given the impression that Cap Federal would restore balances in these matters even though the card was a debit card with the exception of $50.00. Am I mistaken on this?

hootman31 5 years, 10 months ago

Curious if this is also related to the High School Alumni Directory?

Friend's credit card had close to that much charged on video rental's thru a UK site.

Only previous transaction on that card was the Alumni Directory.

It wasn't the scam directory in the following story, as he actually got the directory recently, but then started seeing numerous charges on CC.

So if you did get a real Alumni Directory, I would check that card.

Which company did the Reasoner's use? that used the Heartland Payment Systems?, now that would be a story worth 'bloggin' 'bout.

compmd 5 years, 10 months ago

When I read this headline, the following played out in my head:

Ensign Reasoner: Captain Dever! There's been a security breach in cargo bay two! Its the Klingons! Klingon: Puny human p'tahk, now I'm going to drain your Cap Fed account! It would be dishonorable for me to miss a payment on my Bird of Prey. She's a new model from Mog's Warship Emporium of Qo'Nos, very pricey. And in this economy its hard to predict...hey...your, debit cards, now! Captain: Ensign, are you alright? Klingon: No captain, he's not alright, he's about to become a feast for my targ! Bwahahahaha! disruptor blast Ensign: aaahhhh!

OK.

I should not be trading sleep for watching old Star Trek episodes. Yeah.

yellowhouse 5 years, 10 months ago

bank accounts are FDIC insured. Once a victim proves fraud the money is automatically returned to the account. The only catch is it has to be reported within 30 days of the fraudulent transaction.

Merchants have no say in a chargeback from fraud. Merchants cannot make demands for subpoenas, The payment is automatically reversed.

Chicago_82 5 years, 10 months ago

"Cap Fed should have deactivated the breached cards immediately instead of allowing the use of the cards until a replacement was received."

ksjhawks, if your debit card was immediately cancelled and you happened to need gas for your car while you were out driving, you'd be pretty pissed off, wouldn't you?

Now if you saw a charge on your account you didn't make (and people should be monitoring their account on a regular basis anyways), you would need to report it to the bank by signing a form, and you would usually receive provisional credit to your account while the transaction is further investigated.

Danimal 5 years, 10 months ago

Isn't it awesome that we live in a country where poorly run corporations and labor unions can get multi-billion dollar bailouts, but an individual who has been a victim of identity theft or electronic fraud is left holding the bag?

Sigmund 5 years, 10 months ago

yellowhouse (Anonymous) says… "bank accounts are FDIC insured. Once a victim proves fraud the money is automatically returned to the account. The only catch is it has to be reported within 30 days of the fraudulent transaction."

You are a moron. Credit cards are not FDIC insured and FDIC insurance applies only to bank failure not fraud.

Sigmund 5 years, 10 months ago

Chicago_82 (Anonymous) says… “Cap Fed should have deactivated the breached cards immediately instead of allowing penneythe use of the cards until a replacement was received.”

Agreed, they were more negligent as the cardholder. Every penny will be returned.

Chicago_82 5 years, 10 months ago

Wow, Sigmund, that was blunt. But you're absolutely right. And furthermore, yellowhouse, a customer has 60 days to report it, as stated in the Electronic Funds Transfer Act.

Chicago_82 5 years, 10 months ago

Sigmund, my 7:45 post was a quote from ksjhawks 5:33 post. Cap Fed was not being negligent in any way, and yes - every penny of fraudulent charges does get returned. My last post was in response to your reaction to yellowhouse.

Sigmund 5 years, 10 months ago

If Cap Fed knew the cards had been compromised they should have disabled those cards immediately. If they didn't they are in my mind complicate in the fraud or at least negligent. In any event, every single cardholder should get every single penny back from Heartland or Capital Federal.

flux 5 years, 10 months ago

That really blows. I cant stand a thief

storm 5 years, 10 months ago

Nothing invalidates persuasion of a fact or idea, faster than calling someone a moron.

Chicago_82 5 years, 10 months ago

In fraudulent cases, it's interesting how people will blame everyone - everyone, but the thief who actually stole the money.

Chris Ogle 5 years, 10 months ago

I hope my 62.13 doesn't get stolen from Capn Fed. I will be pissed + broke.

Sigmund 5 years, 10 months ago

storm (Anonymous) says… "Nothing invalidates persuasion of a fact or idea, faster than calling someone a moron."

Except, of course, proving you are a moron by misstating every single "fact" in your post.

Jayson Hawk 5 years, 10 months ago

"ksjhawks, if your debit card was immediately cancelled and you happened to need gas for your car while you were out driving, you'd be pretty pissed off, wouldn't you?"

I wouldn't have been upset if they had canceled my card right away. I had other options of using my credit card, writing a check, or withdrawing money from the bank.

tir 5 years, 10 months ago

Capfed had 14,000 customers affected by the breach. US Bank was also affected, but won't say how many accounts were compromised. Over 160 banks and credit unions had customers who were victimized and the list continues to grow.

See a list of affected institutions here: http://www.bankinfosecurity.com/articles.php?art_id=1200

Watch your statements, folks. This isn't over yet.

OldEnuf2BYurDad 5 years, 10 months ago

"Isn't it awesome that we live in a country where poorly run corporations and labor unions can get multi-billion dollar bailouts, but an individual who has been a victim of identity theft or electronic fraud is left holding the bag?"

Those things have nothing to do with each other.

I had my debit card "compromised" and some internet charges from the other side of the world showed up on my account overnight. I got my money back immediately and Commerce gave me a new card while I waited. I had to wait for the "debit" card to arrive (the card they gave me at the office was only for ATM use), but they were quite on top of it.

Chicago_82 5 years, 10 months ago

ksjhawks (Anonymous) says… I wouldn't have been upset if they had canceled my card right away. I had other options of using my credit card, writing a check, or withdrawing money from the bank.

Understandable, and personally I would be able to say the same - but what about those that don't have any other options? Many people carry only one debit card, and they would have been put in a very difficult position. Cancelling the cards immediately would create a more drastic inconvenience to people.

jafs 5 years, 10 months ago

According to DCB, there was a very slight chance of someone using our card, and they didn't disable it immediately.

In fact, they said it was fine to use it until we got the new one, which took a couple of weeks.

If any unauthorized charges show up on our account, I expect them to cover them, as they said they would.

Otherwise, I'll be very upset.

yellowhouse 5 years, 10 months ago

Sigmund said You are a moron. Credit cards are not FDIC insured and FDIC insurance applies only to bank failure not fraud.

You are a bigger moron because Captiol Federal is a bank issued card, and FDIC insurance applies to all fraudulent bank transactions.

And most credit cards are protected against fraud.

Sigmund 5 years, 10 months ago

yellowhouse (Anonymous) says… “bank accounts are FDIC insured. Once a victim proves fraud the money is automatically returned to the account. The only catch is it has to be reported within 30 days of the fraudulent transaction.”

You are a moron. Credit cards are not FDIC insured and FDIC insurance applies only to bank failure not fraud.

yellowhouse (Anonymous) says… "You are a bigger moron because Captiol Federal is a bank issued card, and FDIC insurance applies to all fraudulent bank transactions. And most credit cards are protected against fraud."

Doesn't matter who issued the credit card, credit cards are not FDIC insured and your bank accounts is not FDIC insured against fraud. Bank deposits (not credit card charges) are insured up to $250,000 per individual account against bank failure, not fraud.

"The FDIC (Federal *Deposit Insurance Corporation) is an independent agency of the United States government that protects you against the loss of your *deposits if an FDIC-insured bank or savings association *fails.*" https://www2.fdic.gov/edie/fdic_info.html

The fact that you had a chance to correct all your original misstatements but won't only proves my original point. You are in fact a moron.

anaughtymouse 5 years, 10 months ago

It seems unfortunate this article has been published. At no point is there ever any mention of the hundreds of other banks affected by this security breach nor was Cap Fed given a chance to tell their side. This is poor journalism at its best: un-researched, bias, and poorly written.

Rather than try and make Cap Fed seem at fault, you should try commending the bank that has made national news several times over the past couple of months. Cap Fed is a strong bank with conservative values that has yet to ask for any bailout money. While other banks are drowning, Cap Fed stock went up 40% last year. It is unfortunate the accounts were compromised, but it is not Cap Fed's fault and they should not be held responsible for it as the author of this article would have readers believe.

Chicago_82 5 years, 10 months ago

Very well said, anaughtymouse! I agree with you completely!

Commenting has been disabled for this item.