14 DAY TRIAL // Commonwealth Bank and other Australian banks cancelled over 10,000 credit cards after tracking fraudulent transactions back to a breach at an unspecified merchant.
Commonwealth Bank was the most affected financial institution, having to call around 8,000 of its customers to let them known that their cards will be replaced.
"[CommBank] continuously monitors all credit card transactions to protect our customers from fraud and during this process we became aware of a potential credit card compromise through an Australian merchant acquired by another bank," a spokesperson for Commonwealth Bank said, according to iTNews.
Bendigo Bank cancelled an additional 2,300 cards, while Westpac and the National Australia Bank (NAB) said that under 1,000 of their customers have been affected.
ANZ Bank was also affected, but it hasn't yet notified its customers about the incident. The bank uses specialized fraud detection software to monitor all transactions on the affected cards.
The targeted merchant's bank, suspected to be St George, faces fines from VISA and MasterCard under PCI-DSS rules, however, the more worrying is the fact that the name of the company where the breach originated is being withheld.
Security experts have called for more transparency and regulations that would force companies who suffer data breaches to come forward and inform affected customers in a timely manner.
"The thing for consumers to remember is they're not going to wear the cost of that. The fraud is going to go back to the financial institutions or the merchants," said Chris Hamilton, chief executive of the Australian Payments Clearing Association to the Sydney Morning Herald.
Credit card fraud loses in Australia were estimated last year at AU$155.4 million, which resulted from over 662,000 fraudulent transactions.