SALT LAKE CITY — A Utah man’s story is highlighting a growing problem that stems from recent hacker attacks on major retailers.
Sometimes those whose card numbers have been poached don’t know there is trouble until months down the road. The issue is also raising questions about available technology and card security.
Doug Russell hadn’t heard of last year’s hack on Harbor Freight Tools until he got a call recently from a representative from Bank of Utah who told him his card had been compromised.
“I said, ‘Gosh,’” Russell recalled. “I love the store. It’s close to where I live. It’s a great store, but it was at least Christmas since I had shopped there. I couldn’t even remember when.”
It turned out, Russell’s card number was scooped along with many others during a cyber attack on the company last summer sometime between May 6 and June 30.
“It’s just been out there floating around, so yeah, that’s the concern I had is that it took that long,” Russell said.
Utah Department of Commerce spokesperson Jennifer Bolton said she was not aware of any complaints being filed with the department.
Bank of Utah chief deposit officer Craig Roper said the Harbor Freight attack impacted between 50 and 100 customers there, but there were no indications of fraudulent charges to any of those card holders’ accounts.
According to a recent report, federal officials estimate close to two dozen retailers have been hacked like Target and Harbor Freight, and they expect the pattern to continue in the coming months.
Some tech experts have suggested smart cards with microchips, which have been widely used in Europe over the past decade, would offer greater protection to U.S. card holders.
Roper said he had been told by merchant operators that the expense to merchants to upgrade their systems would be too great, and that has slowed the card's adoption in the U.S.
Others have suggested U.S. companies are reticent to adopt the technology because the future lies in smart phone purchases.
Roper said Bank of Utah was planning to roll out a new app later this year that would allow users to remotely turn on or turn off their debit cards. He said the program could also be configured to allow transactions at certain types of merchants, or to allow transactions only when the smartphone is near the transaction site itself.
“That gives the customer the control of their card,” Roper said.