The massive security breach at retailer Home Depot Inc., which affected as many as 56 million debit and credit cards across North America, has not resulted in a substantial boost in fraud in Canada.
Canadian financial institutions say they have so far seen little or no increase in fraud cases involving payment card as a result of the breach, which began in April.
National Bank of Canada said it has “identified a few hundred MasterCard credit cards to replace as a preventative measure,” related to the Home Depot issue. Otherwise the bank is not taking any special measures, said spokesman Jean-François Cadieux said.
Bank of Nova Scotia spokeswoman Patty Stathokostas said her bank has seen “some instances of unusual activity” and it is closely monitoring customers’ accounts. It is working with customers who may have been affected “to ensure their accounts are protected,” she said.
Other financial institutions said they have seen no unusual rates of fraud.
There is “no uptick” in credit or debit card fraud among customers of Canadian Imperial Bank of Commerce, spokeswoman Caroline Van Hasselt said, noting that any clients who are concerned can get their cards replaced.
At Vancouver City Savings Credit Union, the country’s largest credit union, “we are not seeing any unusual increase in credit card or debit card fraud as a result of the Home Depot security breach,” said media relations consultant Lorraine Wilson.
Some banks would not make any specific comments on the Home Depot situation, saying only that they have taken precautions to minimize any impact from the breach.
One reason why Canadians may be less exposed to the Home Depot breach, said Toronto-Dominion Bank public affairs manager Meghan Thomas, is the prevalence of “chip and PIN” technology in this country. Most cards in Canada have electronic chips and require cardholders to type in a personal identification number when they buy something, making them less exposed to fraud than clients in the United States where that technology is not in as widespread use.
Raymond Vankrimpen, head of the risk management practice at Richter Advisory Group Inc. in Toronto, said the hack of the Home Depot computers didn’t allow the criminals to get PIN numbers, so those cards that have them are less likely to see fraudulent transactions. PIN cards are “more difficult to exploit in big batches like what happened at Home Depot,” he said.
Home Depot said last week that the cause of the breach was “unique, custom-built malware” used by criminals, but the bug has now been eliminated from its computer systems. Enhanced encryption has been completed at U.S. stores and will be in Canadian stores by early 2015.
Security blogger Brian Krebs initially reported the Home Depot breach in early September, when he said an analysis of card data posted on a “cybercrime store” website strongly suggested that a spate of stolen credit card information put up for sale came from the retailer. A few days later he said financial institutions in the United States were reporting a steep increase in fraudulent bank machine withdrawals, and these could be related to the Home Depot breach.
The Wall Street Journal reported this week that the data breach at Home Depot has started to trigger a flood of fraudulent transactions across the United States, as criminals use stolen credit card data to buy goods.
All the Canadian banks have made it clear that customers will not be held liable for an unauthorized or fraudulent transactions on their accounts. They also suggest cardholders carefully monitor their accounts for unusual transactions.
The Canadian Bankers Association said it collects annual credit card fraud stats from Visa, MasterCard and American Express, but it doesn’t track fraud down to the specific incident. That is up to each bank to deal with, a spokeswoman said.
Source: Globe & Mail