I have to say BofA did the smart thing in closing the old account and issuing a new card immediately. I wish they would’ve emailed a notice as well – I did receive my normal “payment has posted” alerts.

However, BofA is the first card company I’ve heard from regarding this and I have several other Visa and MC cards. I’m wondering now if the other banks will take the same actions as BofA.

I’m also curious who the “third party” was and how the “compromise” occurred.

Fortunately, I have never had a fradulent transaction on any of my credit cards. The closest I ever had was about 15 years ago when they used those dialup Verifone terminals most places, and a shop was having trouble with the machine where the card didn’t seem to go through until the 3rd try. In that case, it was a legitmate mistake though, and the shop gave me no trouble about reporting the error to the card issuer (I only noticed it because the card had a 0 balance to start with and when I checked balance, my available credit was reduced by 3 times the purchase amount).

From these comments, I’d say it’s not really BofA’s responsibility to give you free credit monitoring, but it IS the 3rd party’s responsibility to pay for it, and I think it should be your choice of credit monitoring services.

Companies that handle sensitive financial information (be it credit card, checking account or whatever) HAVE to be held responsible for these things, and they should NEVER get away with just a slap on the wrist (especially in situations like ChoicePoint, where they were using live data in an unauthorised environment).

The sad thing is that some of these are probably inside jobs, and in a large organization it’s very difficult to be sure what everyone’s up to – the micromanagement that would be required results in a hostile workplace, and all of the good employees will move on. You have to have employees you can trust, but then again, you’d be surprised at who might be the thief/spy/etc. (I know I’ve seen people fired for theft at various jobs that I never would’ve suspected.)

I say you tell them to shove it.

Sure, BoA admitted it was their mistake and said the manage will get in trouble, but they let it happen in the first place. They don’t care about you or your money.

I work for a local community bank, and it’s very important for people to know that it is not Bank of America (or any bank’s) fault that your information was compromised. Millions of cardholders at banks around the country are affected by this. As their letter that you posted stated and the last comment mentioned, the compromise was with a third party processor — basically, when you use your credit card, the vendor doesn’t dial directly in to your bank for approval. A third party processor (NYCE and STAR are somewhat commonly known) handles the transaction in real time, which either approves or denies the request. The information is later passed on to your bank so that it may be posted to your account (this delay is sometimes evident… memo postings, anyone?).

Banks are not doing a good job of telling customers this because, frankly, it opens them up to lawsuits for blaming the third party processor who is actually responsible (plus it’s confusing to customers).

I recently received a similar letter from my financial institution, after Heartland Payment Systems (which processes my credit card payments) was hacked. I received a new credit card, but no credit monitoring. No worries, because I already had it. I understand that a class action suit has been pressed to get similar help for others whose card info was stolen.

It’s interesting that BA used the phrase “third party location”. How … vague. Was this a Visa? If so, you may find interesting the article at the following link:

http://lastwatchdog.com/secrecy-shrouds-breach-payment-cards-processor