Community Bank Tips on Responding to Home Depot Breach

On September 8, 2014, Home Depot confirmed in a press release that its payment data systems have been breached, potentially affecting its nearly 2,200 U.S. and Canadian stores. Home Depot’s investigation is focusing on a timeframe from April 2014 forward.

According to Home Depot, the at-risk information includes full track data. PIN block data is NOT believed to be at risk at this time, nor is any information from its e-commerce site.

Visa began distributing at-risk accounts to issuers based on preliminary information provided by Home Depot as early as September 9, 2014.

The criminals apparently had enough information to get some banks to reset customers’ PINs. Banks are reporting that thieves were able to change the PINs on the cards using the banks’ automated IVR systems. Issuers have reported PIN debit fraud at ATMs in Canada. Additionally, some consumers have reported receiving spam emails phishing for personal financial data in conjunction with the breach.

The Community Bankers Association of Illinois (“CBAI”) and the Independent Community Bankers of America (“ICBA”) have informed lawmakers that the costs of reissuing cards should ultimately be borne by the party that experiences the breach.

CBAI and ICBA Recommends the Following to Community Banks and Customers:

  • When a community bank is contacted for a PIN reset or change request, implement a stronger authentication process by requiring the cardholder to accurately supply all necessary information before processing the request. Consider asking for the last financial transaction the customer conducted and/or the name, if any, of a joint customer on the account.
  • Consider instituting a “call back customers” process for PIN change and PIN reset requests to ensure such requests are valid.
  • Advise customers to review account activity frequently—either online or over the phone—and immediately report any suspicious card activity back to the bank.
  • Consider putting a section on your bank’s website with suggestions on ways that customers can protect themselves against a breach. Updating customers on the status of any current breaches could also be placed here. Providing information in an easily accessible location helps your customers find the appropriate information quickly, reducing confusion and phone calls to the bank.

Additional information and resources on how community banks can deal with this and other data breaches are available on ICBA’s comprehensive resource called The ICBA Toolkit on Maintaining Consumer Confidence During a Data Security Breach. See Toolkit.

New Initiative Seeks to Promote Executive Leadership of Cybersecurity Management

The increase in frequency and sophistication of cyber-attacks directed at financial institutions in recent years is requiring a shift in thinking on the part of community bank CEOs that cybersecurity is not simply an IT issue, but an executive level issue for the board room, senior executives and the CEO.

This is the core message of an initiative launched recently by the Conference of State Bank Supervisors (“CSBS”) called “Executive Leadership of Cybersecurity.” The goal is to promote and encourage community bank CEOs and senior executives to actively engage in the management of cybersecurity risks at their institutions.

“Executive leadership is critical to ensure sufficient resources and attention is paid to emerging cybersecurity threats,” said CSBS President and CEO John W. Ryan. “Ensuring that a financial institution’s defenses are able to protect against cyber-attacks is critical; not only to the bank, but for the bank’s customers and the sector as a whole.”

The Executive Leadership of Cybersecurity (“ELOC”) initiative doesn’t simply tell bank CEOs they should get involved in the cybersecurity management of their banks. The ELOC also shows bank CEOs how to get involved and what questions to ask their IT staff.

“ELOC encourages CEO engagement by bringing together current best practices and fundamental information on cybersecurity that is tailored for the bank CEO and by presenting it in a non-technical and easily understandable way,” Ryan said. “This information is culled from credible resources, such as the Federal Financial Institutions Examinations Council, the U.S. Department of Homeland Security, and the U.S. Secret Service, to name a few.”

Each week, for the next two months, new content will be published on the ELOC website that focuses on different cybersecurity topics, including the risk management process, incident response plans, the types of cyber-attacks, and much more.

To learn more about the Executive Leadership of Cybersecurity initiative and sign up to receive a cybersecurity 101 resource guide including content designed exclusively for bank senior management, Click Here.


CBAI Urges the FHFA to Grant Additional Time to Comment on Proposed Rule

September 10, 2014

The Federal Housing Finance Agency (FHFA) has proposed significant revisions to Federal Home Loan Bank membership eligibility requirements. If adopted the Propose Rule would have a profound impact on the FHLB System, FHLBanks and FHLB members. A thorough analysis and in-depth discussion of the intended and unintended consequences of the Rule requires an extension of the proposed 60 day comment period. CBAI has submitted a formal request to the FHFA to extend the comment period by at least an additional 60 days.  Read CBAI Letter.


CBAI Urges Federal Regulators to Ease Regulatory Burden

September 8, 2014

The Community Bankers Association of Illinois (“CBAI”) urged federal banking regulators to address outdated, unnecessary, or unduly burdensome regulation of community banks. In a recent comment letter on the review required by the Economic Growth and Regulatory Paperwork Reduction Act (“EGRPRA”), CBAI highlighted the need for tiered regulation and called on the regulators to encourage de novo bank formation, ease the quarterly Call Report burden, and increase the Small Bank Holding Company Policy Statement threshold to $5 billion (and allow small savings and loan holding companies to be covered by the Policy Statement). Read Comment Letter.


CBAI FedPac Fundraiser – A Grand-Slam!

CBAI extends a BIG THANK YOU to the many bankers, associate members, and staff for stepping up to the plate and supporting CBAI FedPac!


Nearly 50 FedPac supporters enjoyed an exciting bottom of the ninth St. Louis Cardinals’ victory over the Pittsburgh Pirates on September 3rd at Busch Stadium. It was a great opportunity to take off the banker pin-stripes, get comfortable, and have some fun. Many brought teammates which provided a great mix of veteran players and rookies that made this FedPac fundraiser another base-clearing home run!

2014FedPacBaseballSponsors 1

CBAI FedPac was created to enhance the voice of Illinois community banks in Washington, D.C. CBAI FedPac is an important tool for community bankers to exert a strong and proactive influence by supporting those Members of Congress who believe in our mission to compete and serve our communities and customers.

Participation in fundraisers like this event is an enjoyable and effective way to contribute to CBAI FedPac and get involved. CBAI sincerely thanks all of our team members for their contributions to CBAI FedPac.


Governor Quinn Signs CBAI Initiative HB 4677

August 28, 2014

Governor Quinn signed into law HB 4677 (P.A. 98-1067) on Tuesday. HB 4677 is trailer legislation for a 2013 CBAI initiative (HB 1335/ P.A. 98-0387) that amended the “good funds” disbursement authorization provisions of the Title Insurance Act to allow financial institutions and title companies that know each other and both agree to use cashier’s checks, teller’s checks and certified checks as settlement funds in transactions greater than $50,000. At the request of the Illinois Land Title Association, HB 4677 removes the provision that the title company and financial institution be “known to each other” and adds a provision that in order to use cashiers, tellers or certified checks as settlement funds, the funds must be used to disburse a loan and closing costs funded by the financial institution. Finally, HB 4677 removes a sunset provision that would have repealed all the new changes to the statute.

HB 4677 will finalize changes that have been sought by CBAI for five years to amend the settlement funds section of the Title Insurance Act and allow financial institutions and title companies to agree to the use of funds other than wire transfers or collected funds in transactions greater than $50,000. This will allow for more flexibility for community banks and title companies and will reduce closing costs for consumers.

CBAI appreciates the hard work and effort by both of the sponsors, Representative Ron Sandack (R- Downers Grove) and Senator John Mulroe (D-Chicago). CBAI would also like to thank Governor Quinn for understanding the significance of this bill and community banking in Illinois.