Welcome to Nintex

Looking for Foxtrot resources? Easily find them here:

Nintex RPA

Learn more

Case Studies

Discover

Free Trial

Request

Nintex Community

Find solutions

A rapid response minimizes the impact of data breaches

On December 19, 2013, Minneapolis-based Target Corporation announced their customers had been victims of one of the largest credit card breaches in history. The retailer revealed that between November 27th and December 15th of that year, hackers stole nearly 40 million credit and debit card numbers using malware installed on point-of-sale (POS) machines throughout stores nationwide. Target later revised the number of compromised cards upward to 70 million.

News of the Target breach hit small and mid-sized card issuers hard. They faced the prospect of somehow manually changing cardholder limit and noting accounts, then canceling and reissuing cards. Scores of banks used data automation software to automate the entire process, performing what would otherwise be handled by a few unlucky employees over the course of a weekend, in a matter of hours.

Company
Banking Institution
Industry
Financial Services
Country
Capabilities Used
Download Document

Who they are

A Massachusetts-based $500 million banking institution that was affected by the 2013 Target Corporation breach.

What they needed

After the breach in security, this bank had 900 compromised debit cards and sought a way to automate the entire data breach recovery process.

How they did it

Using Nintex RPA, the institution was able to automate the process of canceling and reissuing compromised cards. Nintex RPA identified which accounts had been compromised, populated a form letter and e-mail notifying customers of the compromise, managed status changes, and automated the card issuance process.

The challenge

The traditional recovery from a breach like this involves sending a letter and e-mail to affected customers, manually lowering transaction limits, updating account information, then canceling and reissuing cards. One Massachusetts-based, $500 million community bank sought to minimize their cardholders’ inconvenience and loss from the Target breach in another way.

Three days after the Target news broke – a Friday morning – this bank still had not received a Compromised Account Management System (CAMS) alert from Visa identifying the stolen numbers. A quick account search for Target transactions during the time period in question revealed that approximately 10% of their cardholder base (900 cards) was potentially affected by the breach.

The RPA solution

Already a Nintex RPA customer, this bank was able to utilize the data automation software to automate the process of canceling and reissuing compromised cards, quickly and accurately, to minimize customer downtime. “We try to reduce the customers’ inconvenience, mitigate the risk associated with the fraud, and minimize the amount of interchange income we’d lose,” explained the bank’s Assistant Vice President of Operations Systems. “Nintex RPA helped us do all of that.”

Nintex RPA pulled the affected customers’ names, addresses, and other information and populated a form letter and e-mail notifying customers of the compromise. Nintex RPA then automatically performed file maintenance, changing user codes and adding notes to each affected account.

The bank next began the process of adjusting debit limits and updating user codes for each of the roughly 900 cards believed to have been compromised. “Foxtrot helped us manage the change in card status, the change in card limits, and the change in user code fields to identify which cards were potentially having problems,” said the AVP of Operations Systems. “All of this was completed in a couple of hours.”

The next step for Nintex RPA was to automate the card issuance process. By Friday afternoon, the bank had issued new cards to 40% of its customer base and issued the remaining cards the following Monday. After 30 days following the incident, Nintex RPA was used to automatically place any of the original cards that remained active into a “hot card” status.

“When something like this happens, it’s not going to happen once, so we built a process and scripts so we’re prepared for the next one,” said the AVP of Operations Systems. “Once you build a process with Nintex RPA, it’s really not even an event anymore. This really helped us manage a bad situation.”

By using Nintex RPA to automate this data breach recovery, this bank saved thousands of dollars in outsourcing and condense what would otherwise be a days-long process to a matter of hours. In doing so, they kept customers happy and reduced their exposure by notifying them of the changes quickly, updating their spending limits, and getting new cards into their hands fast.

We try to reduce the customers’ inconvenience, mitigate the risk associated with the fraud, and minimize the amount of interchange income we’d lose. Nintex RPA helped us do all of that.
Bank’s Assistant Vice President of Operations Systems

Interested in learning more?