COLUMBIA — South Carolina’s banks have combined their resources in a network to detect and prevent fraud on customers’ bank accounts following last fall’s hacking of taxpayers’ filings with the Department of Revenue, a banking official told legislators Thursday.
The fraud detection network should be in operation by month’s end, following some employee training, said Fred Green, CEO of The South Carolina Bankers Association.
Computer experts hired by the state determined that data stolen from the tax collection agency included 3.3 million unencrypted bank account numbers.
The association has found that 1.1 million of those are in-state and active, Green told a House committee looking into the mid-September cyber-theft, which the U.S. Secret Service alerted state officials to weeks later.
It was the nation’s largest hacking of a state agency. Unencrypted data was taken from 3.8 million residents and 700,000 businesses.
Banks and credit unions received the checking account numbers last month under a court order. Knowing precisely which accounts were compromised allowed banks to eliminate some customers’ unnecessary anxiety, as well as flag vulnerable accounts. It also allowed the association to compile the data and create the network, said Green, who called it a “friendly” court action required by state law.
If a customer reports or a bank detects fraud on a flagged account, banks and credit units across the state will be alerted in an effort to stop similar attempts.
“The first time someone reports, every other bank has the ability to screen for that kind of transaction coming in and look retroactively at what could have come in and contact those clients,” Green said.
Without such a network, each of the 160 banks and credit unions statewide would have to work independently within its own database, he said.
“We think this network will reduce the fraud impact by 80 percent because of early protection,” Green said.
The network protects the banks too.
That’s because federal law requires banks to reimburse customers who report fraudulent activity on their accounts within 60 days and sign an affidavit – a loss for the banks.
While the Bankers Association represents 99 percent of bank deposits in the state, some smaller banks aren’t members. Those banks, numbering fewer than 10, can participate in the network for a cost, Green said. He didn’t specify an amount.
The network will continue indefinitely, as banks could be dealing with concerns of fraud stemming from the hacking until all of those 1.1 million accounts are closed, Green said.
The association does not recommend that customers change their bank account numbers en masse, although banks will make that suggestion to certain customers. Not only is it a cumbersome process, due to automatic debits and deposits tied to accounts, but the kinds of accounts customers have may no longer be offered, he said.
Rep. Laurie Funderburk, D-Camden, thanked Green for the association’s work, noting that fraudulent activity on existing accounts is not detected by the Experian credit monitoring service offered to taxpayers. That $12 million contract for a year of alerts to newly opened accounts, for those who sign up, represents the largest single contract signed by Gov. Nikki Haley as part of the state’s response.