Breach, Threat Management, Data Security

Bank reports payment cards used in Chicago cabs being compromised

Travelers that recently charged a Chicago cab fare to a payment card may want to be on the lookout for fraudulent charges, according to Illinois-based First American Bank, which warned its own customers on Friday against using their MasterCard debit cards in Windy City taxis.

Christine Childers, associate general counsel and compliance officer with First American Bank, told SCMagazine.com on Monday that the financial organization first learned something was amiss on Feb. 10, after it received more than 10 complaints from customers receiving fishy charges.

“We looked for common points of compromise,” Childers said, explaining that once a bank gets at least 10 common points, it can then file a claim with MasterCard. “The common point [in this case] was the use of cards in Chicago taxis.”

Through an investigation, First American Bank learned that compromised individuals had used their debit cards in American United, Checker, Yellow, and Blue Diamond taxis, as well as others that fall under the umbrella of Taxi Affiliation Services and Dispatch Taxi, Childers said.

After learning what was transpiring, First American Bank has been proactive by automatically canceling and reissuing cards to customers that charge their fares, Childers said. As of Friday, the bank has reissued 227 cards, she said, adding that there have been 478 attempts to use closed cards, which would have amounted to about $64,000 in charges.

But the road to correct the issue has been rocky for First American Bank. The financial group reached out to MasterCard, but was told the details of the investigation are confidential and nothing further could be discussed, Childers explained.

“We are aware of and investigating reports of a potential breach affecting taxi cabs in Chicago,” Jim Issokson, senior business leader, reputation and issues management for MasterCard Worldwide, told SCMagazine.com in a Monday email statement.

He added, “To be clear, MasterCard's own systems have not been breached. Our cardholders can continue to use their MasterCard card as normal; they're protected by our Zero Liability policy. Simply put, they are not responsible for purchases made with a lost or stolen card.”

Meanwhile, First American Bank has also reached out fruitlessly to Bank of America Merchant Services and Bank of America, which handles payment processing for the taxi companies, Childers said. She explained that Bank of America has not listened to recommendations to discontinue payment processing until the issue is fixed.

“Bank of America Merchant Services takes allegations of data security matters very seriously and follows all industry rules and legal mandates to investigate issues,” Joe Rauch, communications manager with Bank of America Merchant Services, told SCMagazine.com in a Monday email statement.

He added, “We continue to work and cooperate with our industry partners on this investigation. At this stage of the investigation, it has not been determined that a data breach of a merchant or any of our systems has occurred.”

Childers said that she has not heard of any other banks that may have been affected, but added that she suspects any other cardholder could be compromised.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.