Visa, MasterCard Canada on lookout for fraud after Home Depot breach
The Canadian arms for Visa Inc. and MasterCard Inc. have opened up separate investigations to identify accounts at risk of fraud following the widespread customer data breach at Home Depot stores in Canada.
Home Depot confirmed last week that cardholders on both sides of the border may have had their information stolen when making purchases at the renovation chain.
Since then, Visa Canada and MasterCard Canada, in conjunction with their U.S. counterparts, have worked with forensic firms to identify accounts that could be compromised.
“There’s a standard process,” Rick Rennie, head of security and risk for MasterCard Canada said by phone Wednesday.
“The point of all this is to get information on potentially compromised accounts to our [bank partners], so they can protect their customers, via closer monitoring or, when necessary, re-issue cards,” Rennie said.
Rennie did not comment on whether or not Canadian banks that issue MasterCard credit cards had used information provided to them by MasterCard to cancel or re-issue specific account numbers.
“That’s up to each issuer, depending on their tolerance for risk, whether they want to block it up front or monitor it closely,” Rennie said.
Home Depot disclosed on Sept. 8 criminals had installed illegal software on its North American in-store payment systems – going as far back as April – that was designed to steal credit card numbers and other customer data.
There’s been no evidence to date that software could steal debit PIN numbers, the home renovation chain said.
A spokesperson for Visa Canada said it has the same kind of process designed to notify Canadian partner banks about specific at-risk accounts.
Most Canadian credit and debit card holders have so-called “chip-and-pin” cards that require the cardholder to punch in a protected pin at the point of sale.
That protection, which has come into force across the Canadian retail landscape since early 2011, is a major bulwark against more cards being used fraudulently, experts say, since a fraudulent transaction would likely fail if not accompanied by the four-digit code.
Retailers such as Target and now Home Depot are aggressively trying to roll out the more secure payment method at locations across the United States, which has lagged in deploying chip-and-pin technology.
Estimates have begun surfacing that suggest the Home Depot breach – the latest in a string of high-profile software break-ins at big retailers – could affect as many as 60 million accounts, including in Canada.
A spokesperson couldn’t confirm if some – or any – Canadian cardholders have had their cards cancelled or re-issued because of the Home Depot breach.
The total amount of fraudulent charges racked up could top $3 billion, according to credit protection service BillGuard.
WATCH: Sept. 3 — Home Depot is investigating a major cyber-security breach. It appears hackers have infiltrated the store’s computer networks, gathering customers’ credit card information and possibly selling the data online. Mike Drolet has the details.