This horror story has two parts, the first of which was beyond UMB's control.
Heartland Payment Systems (hereinafter called Heartless) processes credit and debit card transactions between commercial entities - like retailers, restaurants, and other businesses - and the financial institutions that issue the cards. They are one of the largest such companies in the country. Sometime last year (probably May), their system was "compromised" - a fancy word for criminals hacking into the system and stealing information. However, they had no system in place to pick that up, much less prevent it. The way Heartless found out in October was that Visa and MasterCard noticed suspicious behavior. It took Heartless from October until January to find it. Then guess when they announced it - on January 20, Inauguration Day! They sure know how to bury bad news.
Heartless did not publicly disclose who has been affected. Isn't that amazing? They didn't even contact all the banks and let them know their cards had been hacked. Banks heard about it in different ways, and it was difficult for them to determine who was affected. But surveys of banks have been done - and this security breach may be the biggest ever.
Let's summarize: Heartless has no way to detect hacking - about 6 months after the fact someone tells them about it - it takes another 3 months for them to find it - then they hide it from the public. Nice guys!
This data breach has affected at least three of our local banks: B&K, UMB, and Regions - and it is NOT their fault. But how they react to this crisis tells us a lot about their competence and how they treat their customers.
I have no idea how Regions handled this.
Here's what Britton & Koontz did. They hustled until they were able to find out which of their customers might be affected. Then they sent them letters a couple of weeks ago telling them what happened, that their cards would be cancelled and new cards issued on a certain date, and in the meantime, they should check regularly for any suspicious behavior with their accounts. You couldn't ask for a more professional response. I've read local news stories from all over the country, and this seemed to be the response of most banks.
Now look at what United Mississippi Bank did. They cancelled the card first and then sent the letter. So suddenly your card is no good, and you have no idea why. I, and many, many other people, use our debit cards instead of checks. I tried to use mine to pay some bills online, and it didn't work - but I assumed that was the vendors fault. On Tuesday, I went to WalMart and had a cart full of stuff when I discovered my card was no good. The checkout clerk knew all about it - she said there were a lot of unhappy campers there. That little UMB branch in WalMart was jammed full of people. Fortunately for me, I did have one check in my purse - because the bank had run out of counter checks.
As it turned out, I was only inconvenienced. However, this could have had serious consequences. What if I had been out of town? Or needed my card for an emergency?
I went over to UMB today for an explanation, which was totally unacceptable. They said they were protecting us from unauthorized charges. Guess what? Other banks across the country were forgiving those charges. UMB was just protecting itself. I pointed out that everyone who uses online banking or has the NetCheck account is required to have an email. Why didn't they send an email if they were in such a hurry? Other banks were calling their customers. Why couldn't UMB do that? Because, no matter what they say, I don't think they really care about their customers. And I don't think they showed competence and professionalism in handling this crisis.
I took my money out of their bank and immediately deposited it in B&K, because I'm much more confident in their abilities and concerns.
Oh, when I got home, there was a letter from UMB. Thanks a lot for nothing.