The traditional recovery from a breach like this involves sending a letter and e-mail to affected customers, manually lowering transaction limits, updating account information, then canceling and reissuing cards. One Massachusetts-based, $500 million community bank sought to minimize their cardholders’ inconvenience and loss from the Target breach in another way.
Three days after the Target news broke – a Friday morning – this bank still had not received a Compromised Account Management System (CAMS) alert from Visa identifying the stolen numbers. A quick account search for Target transactions during the time period in question revealed that approximately 10% of their cardholder base (900 cards) was potentially affected by the breach.
The RPA solution
Already a Nintex RPA customer, this bank was able to utilize the data automation software to automate the process of canceling and reissuing compromised cards, quickly and accurately, to minimize customer downtime. “We try to reduce the customers’ inconvenience, mitigate the risk associated with the fraud, and minimize the amount of interchange income we’d lose,” explained the bank’s Assistant Vice President of Operations Systems. “Nintex RPA helped us do all of that.”
Nintex RPA pulled the affected customers’ names, addresses, and other information and populated a form letter and e-mail notifying customers of the compromise. Nintex RPA then automatically performed file maintenance, changing user codes and adding notes to each affected account.
The bank next began the process of adjusting debit limits and updating user codes for each of the roughly 900 cards believed to have been compromised. “Foxtrot helped us manage the change in card status, the change in card limits, and the change in user code fields to identify which cards were potentially having problems,” said the AVP of Operations Systems. “All of this was completed in a couple of hours.”
The next step for Nintex RPA was to automate the card issuance process. By Friday afternoon, the bank had issued new cards to 40% of its customer base and issued the remaining cards the following Monday. After 30 days following the incident, Nintex RPA was used to automatically place any of the original cards that remained active into a “hot card” status.
“When something like this happens, it’s not going to happen once, so we built a process and scripts so we’re prepared for the next one,” said the AVP of Operations Systems. “Once you build a process with Nintex RPA, it’s really not even an event anymore. This really helped us manage a bad situation.”
By using Nintex RPA to automate this data breach recovery, this bank saved thousands of dollars in outsourcing and condense what would otherwise be a days-long process to a matter of hours. In doing so, they kept customers happy and reduced their exposure by notifying them of the changes quickly, updating their spending limits, and getting new cards into their hands fast.