Unofficial Blog

<< Talk about FORUM and get paid! | CU Online Update - Non-Flash Login >>

Heartland Payment Systems Data Breach as Reported on Fox News

Thursday, 22 January 2009 16:04 by Andy

We have been informed by MasterCard that a security breach at Heartland Payment Systems, a third party payment processor that serves over 250,000 retailers nationwide, could impact a significant number of our members’ debit cards. At this time we are working with MasterCard to determine the cards that might have been compromised in this security breach. The breach occurred during the time period of May, 2008 through August, 2008. We have not experienced an increase in fraudulent activity in our card base as have other financial institutions with cards involved in this security breach.

At this time we are asking our members to pay close attention to the activity on their debit cards and report any suspicious activity immediately by calling 317.558.6337 or 317.558.6332. As we continue to get further updates from MasterCard on the extent of the security breach we will communicate this with you. We will make a determination on our actions regarding the impacted cards once we have confirmation on the severity of the breach and the cards impacted. We are closely monitoring all of our suspicious activity reports and will continue to employ the latest security measures.

If you have any concerns please contact Member Services at 317.558.6299, use our Live Chat service or visit one of our branch locations.

Tags:		debit cards, security
Categories:		Updates on FORUM
Actions:		E-mail \| Permalink \| Comments (27) \| Comment RSS

Heartland Payment Systems Security Breach UpdateHeartland Payment Systems security breach update has been posted concerning the latest developments.FORUM Receives First Place and Honorable MentionIn September, the Indiana Credit Union League (ICUL) hosted a banquet and presented plaques to state...Tell the FORUM StoryAfter listening to a recent speech by FORUM Credit Union’s new CEO, I keep thinking about new ways t...

Comments

January 23. 2009 10:43

I would have great difficulty checking this online since you have worked on the system. My work comoputer will not allow the update of adobe. My iphone will not allow the update, and my home computer is shutting down every time I attempt to download adobe. Do you have any suggestions as to how ZI am now to access my accounts online? n You have made it impossible for me to do any online banking now.

Martha Fair

January 23. 2009 14:05

You can log in to our CU Online system using our non-Flash login page. The address is: www.forumcuonline.com/.../Login.aspx

It should look almost the same as the Flash login but it will not require you to download flash to access you accounts. Each time you log in you will be asked to answer one of the security questions as second security measure since you are bypassing the biopassword authentication system. Once into CU Online the only difference will be the account bars will look slightly different.

Andy

January 23. 2009 14:41

I am having the same issue as Martha. Due to the enhancement I am unable to log in to online banking even with the non-flash page you provided. Kind of frustrating!

Amy M

January 23. 2009 15:50

Is this the way I was suppose to do this

Jerry Mason

January 23. 2009 17:46

I have been unable to log in to check my account. It will not allow me to type in my user name or password.

larry hutcherson

January 23. 2009 20:04

Amy,
One of our representatives has attempted to contact you to get more specific info so that we can help you.

Larry,
Two possible solutions for you to try. One is to reboot your PC if you haven’t already and did download the Flash update. You can also try using the non-flash login site. The downside to this site is that you will be prompted to answer a security question every time that you log into CU Online. The non-flash address is: www.forumcuonline.com/.../Login.aspx

Andy

January 23. 2009 21:04

Flash Fix:
I had trouble with the Flash update, too. I'm on a Mac, and when unzipped, the Flash update .dmg showed up as a text file instead of disk image. The remedy was to select the file, do a Get Info (cmd + I). In the "Open with" pull down menu, select DiskImageMounter.app. Then double-click the .dmg file to mount it as a disk. This worked for my machine, and I was able to access my account with no trouble.

Caron

January 23. 2009 21:46

What is my financial risk if my card is used fraudulently? You lose the money or I lose the money?

robyn

January 23. 2009 22:29

Your financial risk is $0 if you report the financial transaction immediately upon discovery. If you wait to report the fraudulent activity for 30 or more days after receiving a statement with the fraudulent transactions listed your financial liability does increase. FORUM cards are issued under the MasterCard brand which carry the Zero Liability feature.

Andy

January 24. 2009 14:08

I accepts my username and password but it says I have to update my security questions and when I try it locks up my computer. I havnt been able to access my account at all.

gary

January 24. 2009 17:14

I had trouble with security questions ,would not let me ansser the the questions.

Jean

January 24. 2009 20:42

I, too, can no longer access my account via the adobe download or the alternative site you have suggested. I can input my ID and password and then all I get is a floating box with no way to enter any data. I cannot go any further in the logon. I am using Windows 98 with a 56K modem. I really need to access my accout ASAP. Please advise.

Joanne Myers

January 24. 2009 21:23

We are having technical support check into the non-flash login site. It is working at this time but with your specific situation we are researching to see if there is an issue.

Some of the issues with not being able to answer the security questions can be related to downloading the new flash player but not rebooting your system. If you have not rebooted after downloading the new player please try that as a first step. It could also be that the new flash player didn't download correctly the first time.

We will post additional tips when we have them.

Andy

January 25. 2009 13:12

Ive downloaded flash a 2nd time and rebooted both times and I still cant get past the security questions. I need to access my account!

gary

January 25. 2009 20:11

One issue that we have been able to identify is that for some system setups using the Tab key instead of the Enter key at the security question prompts is causing the fields to be erased. If you are using the Tab key, try using the Enter key. If this does not work, please email me with a phone number and we will have support call you at your convenience and see if we can find an answer to your issue.

Andy

January 26. 2009 09:18

Thank you Andy! I am able to log in now!

Amy M

January 26. 2009 11:19

There seems to be some type of flaw in your new "security questions" system. I input my answers the very first time, and that is the only time I had to do it. The log-in has asked for user id and password only, and sometimes will let log me in, sometimes it will not. Yes I did update with the flash player. Every time I go to log in there is a 50/50 chance I will receive an error message. Perhaps you should go back to the drawing board.

January 26. 2009 12:54

Actually the security questions are just for when you forget your password or username. As long as you are using the regular login site, we are still employing our biometric security feature that is based off of your typing rhythm which maybe why you are not getting in every time. Overtime your login template will be modified to adjust for this variation in your typing rhythm. Our security system is only being updated with the latest version of the biometric software, it is not a new system. If you continue to have issues, please contact our member services center or use chat as they may be able to help if there is something that is out of the ordinary with your situation.

Andy

January 27. 2009 01:43

I continue to be unable to access my accounts online. I have downloaded Flash Player 10 twice and have tried to access the alternative website with no success. As I mentioned earlier, I have Windows 98 and a 56K modem. Looking at the system requirements for Flash Player 10, it is not compatible with Windows 98. I need Flash Player 9. Will Flash Player 9 work with your system? If it will work, how can I download it? And, why does your non-flash player website not work for me? Please advise. Again, I really need to access my accounts ASAP. Thank you for your prompt attention to this matter.

Joanne M.

January 27. 2009 10:02

I am unable to download the Flash player to my computer so I rebooted and attempted to login without it. All I get after I enter my login and password is a line of text and then it says "Done but with errors" at the bottom of the page. I am unable to online bank at all and am very frustrated with your new system!

January 27. 2009 10:17

It could be that your Flash is downloading but not actually installing if you are connecting from a work PC and network connection. Please call or use chat so that we may assist you directly with your issue. You can also use the non-Flash site by clicking on the link below:
www.forumcuonline.com/.../Login.aspx

Please click on the link from this post as the blog software truncates the address, retyping it or using copy and paste will not get you to the correct login page.

Andy

January 27. 2009 10:17

Since the change, I get an error when trying to update my account on Quicken. Looks like there needs to be some work done to enable Quicken to download Forum accounts with the new security system.

Nate

January 27. 2009 13:15

To a previous question:
What is my financial risk if my card is used fraudulently? You lose the money or I lose the money?

Your response was:
Your financial risk is $0 if you report the financial transaction immediately upon discovery...

Since you are just now informing us of this breach which took place over 30 days ago:

-How are we protected from any previous liability under your quoted "Zero Liability" feature?

-Why do you not just issue cards with new account numbers to those whose accounts were reported to you, to provide further protection?

Larry

January 27. 2009 13:35

Our security provider is working on a solution for the Quicken issue. In the meantime we have been giving the following advice to our members so that they can continue to use Quicken even though it is not our ideal solution.

For Quicken direct connect users, log into CU Online and download the account history in Quicken format. Then use this file to import the data into Quicken. It is an extra step but it does provide access during the interm while we assess our options with this issue.

Andy

January 27. 2009 13:59

We were just informed of the security breach last week. The initial report included all cards that performed transactions during that time period which doesn't indicate the data was compromised. It just indicates the potential that the card data was compromised. This week we are informing members whose cards have been identified as having their data compromised. We will be issuing them new cards. We have talked to several members on this issue and the overwhelming majority have opted to monitor their cards and do not want to have their card reissued unless the data has truly been compromised. Based on these member reactions, we intend to continue with our plan of only reissuing those cards that have had the data compromised. We anticipate that the number that have been compromised will be much less than the number of cards that performed a transaction through Heartland Payment Systems during the specified time frame. Our past experience shows the number will be significanly less than the potential that could have been compromised.

We feel providing full disclosure of the situation is the best method. Many of the members who performed transactions that were processed by Heartland Payment Systems will not be included in the final list of true compromised cards. We are always trying to balance the protection of members accounts with not disrupting their daily financial activities unwarranted.

As always, our member service representatives either at the branch, in the call center or on chat would be happy to address any individual concerns and issues.

Andy

January 28. 2009 11:36

I also cannot log on. It will upload the Adobe. I get to the page and it just stops. What do I need to do?

Kristine Schneider

January 29. 2009 14:26

When at work I have to use the non-flash option as many others because we don't have administrative rights to our PC to download a non-approved software. I could access the non-flash site earlier this week to gain access to my account info. But today that option is not working. I'm getting a line of code instead of the security question. Have you killed that option already?

Sherry