[Travis]

Sam's Club, a division of Wal-Mart Stores, is investigating a security breach that has exposed credit card data belonging to an unspecified number of customers who purchased gas at the wholesaler's stations between September 21 and October 2.

In a brief statement released earlier in December, Sam's Club said it was alerted to the problem by credit card issuers who reported that customers were complaining of fraudulent charges on their statements.

It's still not clear how the data was obtained, according to the statement. But "electronic systems and databases used inside its stores and for Samsclub.com are not involved," the company said.

Sam's Club is currently working with both Visa International and MasterCard International to investigate the breach. The company also has notified the U.S. Attorney's Office for the Western District of Arkansas and the Secret Service.

Sam's Club officials didn't respond to calls for comment.

Customers alerted

In a statement, Visa said it has alerted all of the affected financial institutions, asked them to provide independent fraud-monitoring services to affected customers and requested that they issue new cards as needed.

"Visa will continue working with its member financial institutions, merchants and appropriate authorities to do whatever is necessary to protect cardholders," Visa said.

Kayce Bell, COO at Alabama Credit Union, said the company is reissuing cards to about 500 credit card and debit card holders as a result of the breach. The credit union was alerted to the problem last week by Credit Union National Association, she said.

"We received information through our national reporting service that there had been a very large breach of data at Sam's Club," Bell said. About 500 debit cards and credit cards issued by ACU were among the accounts compromised in this incident, she said.

Tough on Credit Unions

This isn't the first time this year the credit union has had to block and reissue credit and debit cards at Visa's request. Earlier this year, the ACU had to deactivate and reissue about 1550 cards after Visa notified it that cards compromised in a CardSystems breach in June were being used fraudulently.

"I find the breach at Sama??s Club to be quite surprising," said Corinne Sherman, vice president of card services at the Pennsylvania Credit Union Association. What is especially of concern is that Sama??s Club appears to have stored information from both tracks of the magnetic stripe on the back of credit cards, thereby raising the potential for data thieves to create counterfeit cards, she said.

Considering the number of similar breaches that have been publicized this year, "it surprises me that large merchants like Sama??s havena??t rushed to secure their systems yet," Sherman said.

The fallout from such breaches is especially hard on credit unions, a vast majority of whom dona??t have the size and scale of larger banks, she said. The typical hard costs involved in blocking and replacing cards is around $3.50 per card, she said. But longer-term costs in terms of damage to reputation, customer churn and future fraud losses are much harder to calculate, she said.

"The average consumer doesn't understand that it was Sama??s Club who was at fault and not the actual issuer of the card," she said.

Rest of Article

This post has been edited by dissolutions: 14 December 2005 - 09:31 PM