You are viewing this article in the AnnArbor.com archives. For the latest breaking news and updates in Ann Arbor and the surrounding area, see MLive.com/ann-arbor
Posted on Mon, May 9, 2011 : 11:32 a.m.

Chelsea State Bank, FBI investigating 'widespread' fraud attack on debit card accounts

By Nathan Bomey

Chelsea State Bank is investigating a suspected incident of debit card fraud that caused bank officials to temporarily shut down the accounts of about 5,000 customers over the weekend.

John Mann, CEO of the 113-year-old institution, said the bank and the FBI are actively trying to determine how many customers were affected.

Chelsea_State_Bank.JPG

Some 5,000 debit card customers at Chelsea State Bank had their accounts frozen over the weekend after the bank detected attacks starting in Australia.

File photo | AnnArbor.com

"We're still putting things together with the extent of our losses and ... the number of customers that were actually affected," Mann told AnnArbor.com this morning. "But it was widespread."

Mann said the bank has about 5,000 debit card holders — and those accounts were frozen after the bank discovered suspicious purchases that started Saturday in Australia. He said bank customers whose funds were misused would not be forced to accept losses and that the bank's losses would be covered by insurance.

The bank notified its customers over the weekend that their accounts had been temporarily frozen.

He said it was too early to estimate how much money was affected. The FBI declined to comment.

Chelsea State Bank has two branches on Main Street in Chelsea and one in Dexter. The bank had $196.6 million in deposits as of June 30, according to data from the U.S. Federal Deposit Insurance Corp.

The attacker tried to "duplicate existing debit card accounts" by acquiring "a good (account) number" and running "sequential numbers after that" to make purchases, Mann said.

Mann emphasized that the attacker did not gain inside access to the customer's accounts. Instead, the suspect successfully forged account numbers to make purchases. He said it's too early to know how the attacker acquired the numbers.

"It's not a computer system breach," he said.

Mann rejected the suggestion that an employee or a local thief may have been involved, since the attacks started in Australia. He also said it wasn't the "result of local merchants" mishandling accounts.

For now, all Chelsea State Bank debit card customers can't use their cards.

"In order to prevent unauthorized transactions, we were forced to freeze our entire debit card payment base, so all debit card activity is effectively suspended for now," Mann said. "We hope to have it turned back on tomorrow."

The bank is urging debit card customers to contact bank officials if they believe their accounts were compromised.

AnnArbor.com reporter Lee Higgins contributed to this story.

Contact AnnArbor.com's Nathan Bomey at (734) 623-2587 or nathanbomey@annarbor.com. You can also follow him on Twitter or subscribe to AnnArbor.com's newsletters.

Comments

actionjackson

Tue, May 10, 2011 : 2:47 a.m.

Every bank wants us to use these Debit cards. I wouldn't touch one with a ten foot pole. Cash or a credit card that gives a minimum 1% cash back on all purchases. Pay it off at the end of the month and you come out ahead every time. Too easy to overdraw an account with debit cards especially with more than one user. I trust financial institutions as much as I trust insurance companies and health care providers, which is no trust at all. Good luck to all who have been taken by these hackers. Insurance may pay off the bank's losses however who do you think will pay their higher premiums in the future?

Violet

Tue, May 10, 2011 : 4:16 p.m.

Your idealism of credit cards is charming, but 1% cash back and credit card fraud protection isn't "free." You're paying a premium for that too.. Every time you use it your grocery store, gas station, clothing supplier has to pay for it. Thus raising your prices. You're still paying...Nobody gets a free lunch. Financial institutions aren't all out to get you we're not talking about wall street billionaires here, but your local bank. I'm willing to bet that whatever you do for a living, your services aren't "free" so why should your financial institution give you a free ride?

treetowncartel

Mon, May 9, 2011 : 8:15 p.m.

Cash is king!!

Greg M

Mon, May 9, 2011 : 7:57 p.m.

This is one of the major reasons I've resisted the switch to credit-enabled debit cards, despite the banks' obvious love affair with them. If you only use credit cards on the credit networks you're not responsible for fraudulent charges (or if you are it's a very low amount.) Plus you're not out any money while you wait for the bank to investigate. Of course nowadays it's almost impossible to get an ATM card that doesn't carry the Visa/Mastercard logo, but if you can, I think it's the best protection possible. That card is useless without the pin as it cannot be used as a credit card, but can still be used everywhere retailers ask you, "credit or debit?"

Cameron

Mon, May 9, 2011 : 7:03 p.m.

I am very glad they froze my account it is alot easier to stop a charge than reverse one. With the charges overseas could have taken weeks to months or a couple of low cash days. This caring and proactive reaction is why i stay with CSB. Thank you CSB.

actionjackson

Tue, May 10, 2011 : 2:49 a.m.

Wow, Thank You CSB. Hmmmm that's odd.

tom swift jr.

Mon, May 9, 2011 : 5:42 p.m.

You're right, Cara, the bank shouldn't have shut down all the accounts. They should have left them open so folks could go out to lunch on Sunday, 'cuz, of course, that's more important.. Good work CSB, you just RUINED lunch for all your customers... /humor filter off

Cara

Mon, May 9, 2011 : 7:57 p.m.

You are right, lunch is not more important. However, food for your family and gas to return home are vital. I've talked to many people who were stuck - no way to pay for purchased food, or no way to purchase gas and their car was on empty.

Cara

Mon, May 9, 2011 : 5:35 p.m.

We received our notice from the bank on Sunday - after the ATM told us we were overdrawn by $1000! What about the families that did not have cash available - their cards were declined all day on Sunday. No gas, no groceries, no brunch for mom, etc. I'm not sure why, using the PIN, we are unable to safely use our cards at an ATM!

pegret

Mon, May 9, 2011 : 4:57 p.m.

Actually, it sounds like the Chelsea State Bank was on top of it, if the fraudulent charges just began in Autralia on Saturday, and that's when they took action.

Townie

Mon, May 9, 2011 : 4:18 p.m.

This is the second story on AA.com about banks who seem to not pay a lot of attention to what is going on. The previous story was about someone at a bank who stole over $700k before the bank noticed (so much for their internal audit control). Don't trust banks - they really can't monitor things the way you think they should; it's up to you.

Bear

Thu, May 12, 2011 : 8:57 a.m.

That's gibberish.

SillyTree

Mon, May 9, 2011 : 3:45 p.m.

Wouldn't the hacker have required the security code on the back of the card? If not, why not?

Jared Mauch

Mon, May 9, 2011 : 6:23 p.m.

I heard that the lack of a correct CCV was the issue that alerted them to the issue and many denied transactions. The process worked and things were denied, but I think the widespread impact is what led them to this "abundance of caution" action of suspending the cards.