Thousands get new debit cards

Security breach fears lead financial institutions to cancel and reissue the plastic banking devices

Local financial institutions say they have canceled or reissued thousands of debit cards over concerns that customers' account numbers and personal identification numbers might have been stolen from a national retailer.

Bank officials and federal investigators will not disclose the retailer or retailers thought to be at the center of the data breach because the investigation continues.

Local customers said OfficeMax is the name given by their financial institutions when asked for details. Many of the transactions appear to have been made in February, though investigators won't define the period.

OfficeMax, based in Itasca, Ill., has no knowledge of a security breach, said William Bonner, a company spokesman in Chicago.

Since February, several large banks, including Wachovia, Bank of America and Wells Fargo, have reissued thousands of debit cards after being notified by Visa USA of the breach. Spokeswomen for Charlotte-based Wachovia and Bank of America, which have more than half of North Carolina's deposits, would not say how many cards were reissued.

This week, officials at the State Employees Credit Union, First Citizens Bank and RBC Centura Bank, all based in Raleigh, also confirmed reissuing thousands of debit cards and PINs after Visa told them last week that accounts had been compromised. All said they detected a wave of fraudulent purchases after the tip.

The FBI recently moved its investigation of the matter from Sacramento, Calif., to Charlotte, said Kevin Lucas of the FBI's Charlotte office. He wouldn't provide details.

It is not the first time that local banking accounts have been hacked. In July, thousands of credit- and debit-card holders in North Carolina were contacted or issued new cards after hackers got into databanks at a credit-card processing facility in Arizona.

Banks and credit-card companies stress that consumers are not responsible for fraudulent purchases on their account.

"It's important for cardholders to know they are fully protected against unauthorized purchases," a statement from Visa USA said.

But card companies also are growing wary of retailers who, they say, fail to abide by the industry's standard security rules. Visa officials said that retailers in some cases are storing more customer data than allowed.

The State Employees Credit Union, which has about one in eight North Carolinians as members, reissued more than 27,500 cards and PINs last week. Officials opted not to cancel potentially compromised cards until members got new ones in the mail -- probably within a week, said Leigh Brady, a spokeswoman for the credit union. She said credit union officials did not want members to lose access to their money.

Richard Krawiec of Raleigh, a freelance writer and credit union member, said he had mixed feelings about that decision.

"Part of me thinks this card should have been canceled while these people are out there," Krawiec said. "Then again, I am glad that I can still access my account."

After receiving a notice of the breach on Monday, Krawiec confirmed with credit union officials that any stolen information would have occurred through a debit-card purchase he made at OfficeMax in February.

First Citizens Bank, meanwhile, has reissued new cards for 7,000 customers possibly affected. All new cards and notices were mailed by Monday and should be received by early next week, said Barbara Thompson, spokeswoman for First Citizens. Affected customers can use their current cards until new ones arrive and are activated, she said.

Not so for some customers of RBC Centura. To contain risk, the bank canceled about 6,500 cards Friday before officials could notify customers.

After monitoring suspect accounts, "we did notice some fraudulent activity showing up in Russia and other countries and decided to go ahead and cancel," said Kristen Doherty, a spokeswoman for RBC Centura.