The security of your transaction account is one of our top priorities.
To combat Debit Card Fraud, Community Bank uses industry leading technology to help identify and prevent suspected fraudulent debit card activity. Occasionally it is necessary to block debit card transactions in other states, foreign countries, and at various merchant locations where fraudulent activity is prevalent. If you experience difficulty using your card for a signature based transaction, please try to use the PIN based debit option by using the keypad and entering your PIN number. In the event that we also blocked PIN transactions, we suggest that you be prepared with an alternative payment method.
We take these preventive actions very seriously in order to protect Community Bank account holder’s funds. We apologize for any inconvenience this may cause, but assure you that this action is taken to protect you and your account.
If you are planning to travel and anticipate using your Community Bank Debit Card, please let us know by calling 888-223-8099 Monday through Friday from 8:00 to 5:00pm or by contacting your local Community Bank office. We can put your card on a special status so your card use is not interrupted. Again, it is important you have an alternative method of payment when you travel for emergency situations and that contact information is up to date and on file at the bank so that we may contact you when necessary.
To protect yourself, it is important that you manage all of your bank accounts on a regular basis including a review of your account activity for unusual transactions. Please notify us immediately if you suspect any fraudulent activity. Community Bank provides Internet Banking at no cost which allows real time monitoring of account transactions at your convenience. You can enroll in our secure online banking service at www.communitybank.tv or by visiting your local Community Bank office.
The ATM/Debit cards we issue are protected by FraudWatch®PLUS. If suspicious activity is noticed on your ATM/Debit card, Fraud Prevention Services will call to notify you.
Card security checklist
Make sure you've done the following to protect your Debit MasterCard card:
ID Theft checklist
Recommendations to help prevent ID Theft:
To report a lost or stolen Community Bank ATM, Debit MasterCard, Visa Credit Card, American Express Credit Card or Visa Equity Access Card.
Toll free numbers for ATM and Debit MasterCards:
During Business hours of 8:30am to 4:30pm:
Call (888) 223-8099
After Business hours:
Toll free numbers for Visa or American Express Credit Cards:
If you suspect you have received a fraudulent email from Community Bank, contact email@example.com
Forward other suspected fraudulent emails to the Better Business Bureau at firstname.lastname@example.org.
Identity Theft Resolution ServicesIf someone steals your identity, Identity Theft Resolution Services provides resolution services to help you restore your identity. Full service restoration can help you reduce the personal time required to resolve the situation and can help eliminate out-of-pocket expenses. Included is Identity Theft Alerts, which is a FREE service only offered by MasterCard. You are alerted if it detects that your personal information is being bought or sold online. Click here to learn more about Identity Theft Alerts. Call 1-800-MASTERCARD to learn more about this benefit or visit MasterCard http://www.mastercard.us/idtheftalerts/
Visa has the best tools in place to prevent and detect fraud, but in the event it does happen, we can put your mind at ease. If you suspect you've been the victim of identity theft, Identity Theft Assistance puts you in touch with the information and help you need.
Call 1-866-ID-HOTLINE (1-866-434-6854) or visit http://usa.visa.com/personal/security/identity-theft-help.jsp
800-525-6285 (Fraud Hotline)
800-685-1111 (Report Order)
P.O. Box 740250
Atlanta, GA 30374
888-397-3742 (Fraud Hotline)
888-397-3742 (Report Order)
P.O. Box 9556
Allen, TX 75013
800-680-7289 (Fraud Hotline)
800-916-8800 (Report Order)
P.O. Box 6790
Fullerton, CA 92634
Best Practices Guide for Business Customers
At Community Bank, we understand the importance of keeping your information safe from cyber criminals. While we are constantly and proactively working to keep your accounts secure, it is also up to you to create a safe environment to protect your accounts from unauthorized access and fraudulent activity.
As each business and organization is unique and operates differently, additional security measures may be necessary based on your level of risk. We recommend that you establish internal controls and periodically perform a risk assessment to determine if your controls are sufficient given your level of risk. We also recommend that you educate your employees on these online security best practices.
Breach at Equifax May Impact 143M Americans
Equifax, one of the “big-three” U.S. credit bureaus, said today a data breach at the company may have affected 143 million Americans, jeopardizing consumer Social Security numbers, birth dates, addresses and some driver’s license numbers.
In a press release today, Equifax [NYSE:EFX] said it discovered the “unauthorized access” on July 29, after which it hired an outside forensics firm to investigate. Equifax said the investigation is still ongoing, but that the breach also jeopardized credit card numbers for roughly 209,000 U.S. consumers and “certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.”
In addition, the company said it identified unauthorized access to “limited personal information for certain UK and Canadian residents,” and that it would work with regulators in those countries to determine next steps.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer Richard F. Smith in a statement released to the media, along with a video message. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”
Equifax said the attackers were able to break into the company’s systems by exploiting an application vulnerability to gain access to certain files. It did not say which application or which vulnerability was the source of the breach.
Equifax has set up a Web site — https://www.equifaxsecurity2017.com — that anyone concerned can visit to see if they may be impacted by the breach. The site also lets consumers enroll in TrustedID Premier, a 3-bureau credit monitoring service (Equifax, Experian and Trans Union) which also is operated by Equifax.
According to Equifax, when you begin, you will be asked to provide your last name and the last six digits of your Social Security number. Based on that information, you will receive a message indicating whether your personal information may have been impacted by this incident. Regardless of whether your information may have been impacted, the company says it will provide everyone the option to enroll in TrustedID Premier. The offer ends Nov. 21, 2017.
The company said Thursday 08/18/2016 that it found and removed malware from registers at about 350 stores. The clothing store chain also said there's reason to believe credit and debit cards used at those stores between January 2 and July 17 this year "may have been compromised."
Online purchases during that time period would not have been affected.
"While not all transactions during this period were affected, out of an abundance of caution, Eddie Bauer is offering identity protection services to all customers who made purchases or returns during this period," the company said in a statement.
The company declined to say how many customers were affected.
How Will Home Depot Consumer Settlement Affect Banks?
Home Depot's $19.5 million settlement with consumers affected by the retailer's 2014 payments breach is unlikely to have much impact on a pending class-action suit filed by banking institutions against the big box retailer in May 2015 to recoup breach-related expenses (see Why Banks Sued Home Depot).
"The question of liability on behalf of Home Depot as it relates to the banks is something that is separate and distinct from the consumer suits," says cybersecurity attorney Chris Pierson, CISO for invoicing payments provider Viewpost. "However, this settlement sheds light on the business rationale underpinning the company and its priorities. It is not unsurprising given the status of enforcement actions, need to return to business as usual processes, and current threat matrix that a business would seek a quickly resolution to these lawsuits."
The consolidated consumer class-action lawsuit was filed against Home Depot in early May 2015, just before banks and credit unions filed their suit tied to the breach of payment card data. The breach was caused by the compromise of a third-party vendor's credentials that were used to launch a point-of-sale malware attack against Home Depot's payments system (see Home Depot, Target: Same Breach Script?).
Terms of Settlement
In its proposed settlement with consumers, which is still subject to approval by a federal court, Home Depot agreed to establish a cash fund totaling $13 million to compensate affected consumers for "documented out-of-pocket losses, unreimbursed charges and time spent remedying issues relating to the Home Depot data breach."
Consumers who submit claims also may "self-certify" time they spent remedying issues related to the breach at $15 per hour for up to two hours, according to settlement court filings.
Home Depot also agreed to pay an additional $6.5 million to fund 18 months of identity protection services for consumers who had their payment card data compromised as part of the breach.
The company also says in the settlement that it plans to "adopt and implement" new data security measures to protect the personal and financial information of its customers, as well as create a CISO position.
An estimated 40 million consumers had their payment cards compromised in the Home Depot breach, and some 53 million had their email addresses compromised, according to the settlement documents.
"We're working to put the litigation behind us and this was the most expeditious path, but it's not an admission of liability," Home Depot spokesman Stephen Holmes tells Information Security Media Group. "Keep in mind that customers were not responsible for fraudulent charges and they've been our primary focus throughout."
John Buzzard, director of product management for security firm Rippleshot Fraud Analytics, says the fact that more consumer class-action suits, such as the one against Home Depot, are being settled proves retailers are going to be expected to do more in the wake of a payments breach.
"This case and the fact that it had legs and made it all the way to settlement is emblematic to the seriousness that lawmakers and consumers view these compromises today," he says. "It's no longer acceptable to simply issue an apology and have that suffice as restitution to the consumer and card issuers."
What's more, Buzzard says more organizations are pumping funding into their IT security budgets to be more proactive about breach prevention. "This means that commercial concerns are taking data security far more seriously than ever before," he says. "We are at that tipping point where reasonable care to protect data may be viewed by the legal system as woefully inadequate."
Last year, Target reached a $10 million settlement of a lawsuit tied to its 2013 breach, compensating affected consumers who could prove they had suffered damages that were not reimbursed by financial institutions (see Judge OK's Target Breach Settlement).
But many consumer class-action suits involving the breach of payment card data have failed in the courts because it's been difficult for consumers to prove harm (see Why So Many Data Breach Lawsuits Fail). Consumers rarely suffer financial losses associated with a payment card breach. Banking institutions almost always reimburse consumers for losses they suffer because of fraud, and federal laws such as Regulation E, the Electronic Fund Transfer Act, provide additional debit and credit protections that banking institutions are required to cover.
Thus, the settlements of consumers' suits against Target, and now Home Depot, are largely public relations moves, some security experts say.
"The terms of the settlement agreement include provisions for improvements in data security and the hiring of a CISO to oversee the process, which implies that they were not taking the right steps even after the breach to secure data nor did they have the right organizational structure in place to manage for the future risk of a breach," says Al Pascual, head of fraud and security for Javelin Strategy & Research. "That, in turn, is inconsistent with the message that Home Depot attempted to convey via their press release after the breach.
"This kind of behavior is endemic of an organization that only appears to address cybersecurity vulnerabilities when forced to, either through public scrutiny or legal action. ... It will be critical that Home Depot's CISO is given the latitude and funding to make the decisions that are truly in the best interest of the organization and its customers, reporting directly to the board and with a budget commensurate to the task."
Wendy’s, the nationwide chain of fast-food restaurants, says it is investigating claims of a possible credit card breach at some locations. The acknowledgment comes in response to questions from KrebsOnSecurity about banking industry sources who discovered a pattern of fraud on cards that were all recently used at various Wendy’s locations.
Bob Bertini, spokesperson for the Dublin, Ohio-based restauranteur, said the company began receiving reports earlier this month from its payment industry contacts about a potential breach and that Wendy’s has hired a security firm to investigate the claims.
“We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations,” Bertini said. “Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cybersecurity firm and launched a comprehensive and active investigation that’s underway to try to determine the facts.”
Bertini said it was too soon to say whether the incident is contained, how long it may have persisted, or how many stores may be affected.
“We began investigating immediately, and the period of time we’re looking at the incidents is late last year,” he said. “We know it’s [affecting] some restaurants but it’s not appropriate just yet to speculate on anything in terms of scope.”
When KrebsOnSecurity initially began hearing from banking industry sources about a possible breach at Wendy’s, the reports were coming mainly from financial institutions in the midwest. However, this author has since heard similar reports from banks on the east coast on the United States.
The Wendy’s system includes approximately 6,500 franchise and company-operated restaurants in the United States and 28 countries and U.S. territories worldwide. Bertini said most of the U.S.-operated stores are franchises.
Overview: Unauthorized Acquisition of Personal Information
• On Sept. 15, 2015 Experian discovered an unauthorized party accessed T-Mobile data housed in an Experian server.
• Experian’s consumer credit database was not accessed in this incident, and no payment card or banking information was obtained.
• The unauthorized access was in an isolated incident over a limited period of time. It included access to a server that contained personal information for consumers who applied for T-Mobile USA postpaid services between Sept. 1, 2013 and Sept. 16, 2015.
• Records containing a name, address, Social Security number, date of birth, identification number (typically a driver’s license, military ID, or passport number) and additional information used in T- Mobile's own credit assessment were accessed. No payment card or banking information was obtained.
• Experian notified appropriate federal and international law enforcement agencies and has taken additional security steps to help prevent future incidents.
• We continue to investigate the theft, closely monitor our systems, and work with domestic and international law enforcement. Investigation of the incident is ongoing.
• Experian is notifying the individuals who may have been affected and is offering free credit monitoring and identity resolution services for two years. In addition, government agencies are being notified as required by law.
• Although there is no evidence that the data has been used inappropriately, Experian strongly encourages affected consumers to enroll in the complimentary identity resolution services.
The discount stock brokerage firm Scottrade has revealed that hackers accessed its computer network and stole names and street addresses of 4.6 million clients between late 2013 and early 2014. The firm said it recently learned of the intrusion from law enforcement officials.
The revelation of a breach at Scottrade, made in a statement dated Oct. 1, came the same day credit services provider Experian revealed a breach that resulted in the theft of personal information for 15 million customers of mobile communications provider T-Mobile USA (see Experian Hack Slams T-Mobile Customers).
"Although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, it appears that contact information was the focus of the incident," Scottrade said in the statement. "We have no reason to believe that Scottrade's trading platforms or any client funds were compromised. Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident."
Scottrade says cybercriminals gained unauthorized access to its network for a period of several months between late 2013 and early 2014, but the company only recently learned of the incident from federal authorities, who had been investigating cybersecurity crimes involving the theft of information from Scottrade and other financial services companies.
"The FBI is unlikely to explain in detail why notification of this breach took so long, but it's not uncommon for an ongoing investigation to delay notification so that criminals aren't tipped off," says Tim Erlin, director of IT security and risk management at the IT security compliance firm Tripwire.
The Scottrade breach could increase the potential for brokerage fraud, says Tom Kellermann, chief cybersecurity officer at threat-intelligence firm Trend Micro. "Cybercriminals understand the financial sector more than we give them credit for," he says. "As we have realized this year, hackers are pursuing front-running and virtual-insider trading schemes."
Scottrade says it has secured the known intrusion point and conducted an internal forensics investigation on the incident with assistance from a computer security firm, and it has taken steps to strengthen its network defenses.
The company says it's notifying clients whose information was targeted and offering them one year of free identity protection services through AllClear ID.
Article from the Observer Reporter- Published: August 4, 2015
The owner and operator of Lone Pine Exxon has notified customers that a credit card skimming device was placed on its fuel pumps in late spring.
Waynesburg-based Jacobs Petroleum said in a letter dated July 31 that it appears the device was placed on the pumps at the Amwell Township gas station in late May.
Criminals use the skimming devices to capture data and sell it to be used for fraudulent transactions.
Steven R. Stuck, president of Stuck Enterprise Co., which owns Jacob Petroleum, said in a letter that the company was made aware of the situation by a local bank a few weeks ago. According to Stuck, an inspection of the pumps did not reveal a skimmer. He said daily inspections of pumps since then have not turned up anything suspicious.
“It appears that the device was put on the pumps for a period of time in May and then removed,” Stuck said.
In apologizing to customers who may have been affected by the skimming, Stuck said the company will continue to do what it can to insure that it doesn’t reoccur.
CHAMPAIGN, Ill. (AP) - Jimmy John's sandwich chain said Wednesday that it believes customers' credit card data was stolen from 216 of its shops between June and September.
The Champaign, Illinois-based chain said in a news release that stores in 37 states across the United States were affected. It did not say how many customers are affected.
Jimmy John's believes someone stole log-in credentials and remotely installed malware on machines used to swipe credit cards. Some customers' credit card numbers, expiration dates, verification codes and names were stolen between June 16 and Sept. 15, the company said.
The privately held company said it discovered the problem on July 30.
Jimmy John's said it believes its security has been restored by installing encrypted swipe machines and taking other steps.
Jimmy John's has more than 2,000 locations. https://www.jimmyjohns.com/datasecurityincident/index.html
In an effort to provide continued updates about fraudulent events, we would like to share information from The Home Depot concerning their recent data breach. The Home Depot has released several press releases addressing the data breach, which are listed on their website under the Investor Relations News Releases page. See The Home Depot's most recent press release from September 18, 2014 for the most up-to-date information about the breach.
Goodwill Industries International says in an update about a breach affecting about 330 of its stores that approximately 868,000 payment cards were exposed. The breach stemmed from malware used to compromise a third-party vendor used "to process credit card payments" (see: Goodwill Confirms Card Data Breach).
Approximately 330 stores in 20 states were affected by the compromise, Goodwill says (Click here) for the complete list of impacted stores and the time periods when they were compromised).
The impacted locations - which represent more than 10 percent of Goodwill's 2,900 stores - all used the same third-party vendor that was breached. The malware affected the vendor's systems intermittently between Feb. 10, 2013, and Aug. 14, 2014, Goodwill says.
We’re looking into some unusual activity that might indicate a possible payment data breach and we’re working with our banking partners and law enforcement to investigate. We know that this news may be concerning and we apologize for the worry this can create. If we confirm a breach has occurred, we will make sure our customers are notified immediately. For now, you should know the following:
First, you will not be responsible for any possible fraudulent charges. The financial institution that issued your card or Home Depot are responsible for those charges should we confirm a breach.
Make sure you are closely monitoring your accounts and reach out to your card issuer should you notice any unusual activity. If we confirm a breach, we will offer free identity protection services, including credit monitoring, to any potentially impacted customers. We’re working hard to get you the information you need as quickly as possible and will continue to provide updates as we learn more.
If you have any questions, please call Home Depot Customer Care at 1-800-HOMEDEPOT (1-800-466-3337).
We are aware of an increase in fraudulent activity being reported on Debit Cards. Please be diligent in monitoring your account activity through the use of telephone banking, internet banking and mobile banking. Any unauthorized use of your Debit Card should be immediately reported to 1-800-264-5578. In addition you should contact the bank during normal business hours; at your branch or Call Center at 1-888-223-8099.
Our Fraud Department has been busy protecting our customers from fraudulent transactions, most recently occurring in North Carolina. As a reminder, from time to time we may restrict the use of your debit card in certain geographical regions (countries or states) in which debit card fraud is known to be prevalent. If you have plans to travel and intend to use your card, please notify us approximately a week before you travel by calling 1-888-223-8099 before depending upon your debit card.
Community Bank has received a Debit Card Compromise Alert. The Bank is closing the compromised cards and ordering new cards. If you are unable to use your Community Bank Debit Card it may be a part of this newest alert. The Bank will contact you by telephone or email and your will receive a letter in the mail. If you prefer to be contacted by email, please provide us with your current email address by sending your email request to email@example.com or call 1-888-223-8099 during business hours. We will make every effort to provide you with a new card within 7-10 business days.
We are committed to protecting you from possible security breaches.
Please click on the following store links to see the latest available information.
Community Bank measures to protect your account and identity, please continue reading for more information.
We have added a card restriction to New Jersey and eastern PA until May 30 on specific merchants for swipe transactions. The merchant codes are:
5699 Misc apparel
5691 men’s & women’s clothing
5945 toy stores
Cards will be able to be used at these merchants as a pin based transaction. If you know of anyone traveling to eastern PA or New Jersey, let us know and we can make an exception to their card.