As we know it today, HPS has affected banks nationwide. Many are reissuing cards, many are not. It would seem that most banks are opting to take faith in their fraud detection technology, citing in most cases that the cost to reissue would likely exceed the costs of dealing with fraudulent charges case-by-case.
The ethics of not reissuing cards is debatable. It, in many ways, puts the responsibility of reporting fraud on the shoulders of the card holders. At the same time, one can argue that banks should not be the ones forced to bear the cost burden of this breach. We’ve read estimates anywhere from $7 to $20 per card as being the cost of replacement. Given that, we can see the reluctance of banks, though we certainly don’t endorse the practice. Chances are, the banks will seek to recoup the costs in the courts.
We’ve compiled a list of banks and card issuing institutions that we’ve found, via scouring news articles, that have been reported to be affected, with a list of the number of cards reissued when the number was disclosed. Heartland won’t tell us, so we’re trying to get an idea on our own. You can view the list here:
The list, as of the time of this writing, consists of nearly 50 organizations affected, and over 200,000 records. This is likely only the very beginning, and we may or may not keep up with it, depending on how large it mushrooms.
Meanwhile, Heartland Payment Systems is now being sued, class action style. And Robert O. Carr, Heartland Chairman and CEO is under suspicion of insider trading, per the linked article (which is fantastic, read it).
Heartland continues to claim it doesn’t know how many cards are affected. This seems completely improbable. Someone knows, be it Visa, Mastercard, or Heartland, someone must know. It would appear that Visa and Mastercard are the organizations doing most of the “talking” with the card issuers, giving them lists of cards, etc. Yet, still no total. Someone knows the total, or has a rough idea.
Poted by d2d