PORTLAND, Maine — Bangor Savings Bank is replacing an undisclosed number of customer debit cards in response to data breaches at certain merchants that have raised concerns about fraudulent transactions.
Andrew Grover, the bank’s chief risk officer, said in a telephone interview Monday that he could not disclose the name of the merchant in question.
When a breach is revealed and a sufficient number of bank customers are found to have shopped at the retailer during that time, the bank will decide to do a bulk card replacement as a precaution.
“We’ve gotten to a point where we think, percentage-wise, the likelihood of [an affected customer] experiencing fraud is pretty high,” Grover said. “And so, we’re avoiding the time of having customers try to call and correct the fraud.”
The bank notified customers Monday that it would replace certain debit cards because of “several recent merchant data breaches.” The bank plans to issue the new cards by June 22, a date by which it will deactivate current cards for affected customers.
Grover could not say how many of the bank’s customers would have their cards replaced, but he did say that such fraud seems to be happening more frequently.
“It seems like the big ones happen once a year now,” Grover said.
He added that he does not blame retailers, as data thieves are sophisticated and “do a really good job at what they do, unfortunately.”
“It’s too bad that they can’t use that knowledge for good,” Grover said.
Grover said the bank typically waits until a retailer has identified and resolved a problem before deciding to replace its customers’ cards. In these cases, he said, it’s only information on a specific debit card that’s at risk, and not other personal information.
It would include the name of the cardholder, which Grover said scammers could use to re-create a debit card to use at checkouts, but they don’t have enough information from the card alone for other transactions, such as taking out a line of credit, he said.
It’s not clear from media reports or other sources what specific data breaches prompted the Bangor Savings replacement decision. Wal-Mart locations in Virginia and Kentucky recently had reports of card skimmers at its self-checkout kiosks, but a Wal-Mart spokesman said Monday that it has not found any such devices at its Maine stores.
The website Krebs on Security reported in April that there has been a sharp uptick in data theft using skimmers — small devices that steal card information at the point of sale — in the past year, mostly at non-bank ATMs. The fast-food restaurant Wendy’s also reported a breach at about 300 of its 5,500 franchised stores, starting in the fall of 2015.
The Bangor Daily News could not confirm connections between ATM breaches or the Wendy’s breach and the Bangor Savings card replacement.
A representative from the regional office of the U.S. Secret Service, which handles data breach investigations, was not immediately available for comment on any recent cases at retailers in Maine.