Friday, February 22, 2013

Bahamian banks react to data breach... ...thieves may have infiltrated an international acquiring company located somewhere in the Caribbean... ...Sensitive information for clients across the region could have spilled into the hands of criminals ...although there have been no major reports of fraud

Banks react to data breach

Commonwealth Bank and Bank of The Bahamas join Fidelity in reissuing credit cards, as financial institutions monitor client transactions closely

Guardian Business Editor
Nassau, The Bahamas

Another financial institution has pulled the trigger on the partial reissuing of credit cards as the possibility of a major data breach sinks in.

Following an assessment of the risk, Commonwealth Bank Limited (CBL) is considering whether to send out 5,000 new credit cards to its clients, a process that could take up to three weeks.

Ian Jennings, the president of CBL, confirmed that some clients have already received new cards.  He said that a decision will be made soon on whether to commence a mass reissuing.

Sources close to the matter told Guardian Business that Bank of The Bahamas (BOB) is also reissuing cards.  Paul McWeeney, the managing director at BOB, did not respond to request for comment before press time.

On Tuesday, Guardian Business exclusively revealed that thieves may have infiltrated an international acquiring company located somewhere in the Caribbean.  Sensitive information for clients across the region could have spilled into the hands of criminals, although there have been no major reports of fraud.

Anwer Sunderji, the CEO of Fidelity Bank (Bahamas), said all Bahamian banks have been compromised and the institution chose to replace its cards as of late last week.

Indeed, financial institutions in The Bahamas don't appear to be taking any chances.

"As a matter of precaution, we are reissuing cards to our customers and notifying those that may have been breached," Jennings said.  "It is an expense in terms of manpower.  The cost of plastic is low.  It is the process and getting them out as quick as we can that is costly.  It will take up to three weeks to get them out."

Jennings told Guardian Business that it's a precaution CBL must take given the circumstances, noting that "you don't want that kind of exposure".

Managing Director of Scotiabank (Bahamas) Kevin Teslyk said yesterday that the breach appears to stem from a missing data tape or device from an office in Barbados.

He stressed that the bank employs very sophisticated monitoring software and preventative techniques.  Since the missing tape, the alert has not been escalated, although the bank will continue to monitor the situation over the coming days and weeks.

"If things change we'll handle it on an individual level, and if need be, to a greater extent if necessary," he added.

Wendy Craigg, governor of the Central Bank, confirmed that the risk could be "material".  The Central Bank was first informed of the incident by a domestic institution last week.  Over time, it became apparent that other banks were compromised and the replacement of cards would be necessary.

"As a regulator, we are always concerned about operational risk issues, and certainly one such as this could be material.  Our approach has been to contact all our domestic licensees, especially those issuing Visa Debit cards, to assess the extent of the breach," she said.  "We have determined that banks which processed transactions through the affected service provider were already alerted to the breach, and we are following up the matter to assess any possible exposure."

The governor applauded the response of banks thus far to protect their clients, pointing out that the breach is not just impacting The Bahamas.

Other entities within the Caribbean and elsewhere utilize the affected service provider.

For his part, Jennings told Guardian Business that there is very little that can be done about these data breaches.  Customers should always be careful with their card usage, he said, and during this time clients must be especially attentive.

February 22, 2013