The Barbados Banking Association is assuring Barbadian customers that their information is safe after several reports of security breaches associated with bank cards.
This breach is said to have occurred within a “very small percentage of the customers of local banks” and the institutions have already responded to those affected.
“Whether a breach is as a result of unauthorised access to a local bank’s systems or occurs when their clients are engaged with a third party, our members are committed to working with their customers to address impacts.
“Our members will always act in accordance with best practice and the law in alerting relevant parties. They will also act in good faith, communicating relevant information to the public, their partners and other members of the association,” the Banking Association said in a statement.
The financial group, which includes FirstCaribbean International Bank, First Citizens Bank, RBC Royal Bank, Scotiabank and Republic Bank, also issued safety guidelines for customers.
The statement follows in full:
Following the recent reports of data security breaches which indirectly affected a very small percentage of the customers of local banks, the members of The Barbados Bankers Association (TBBA) wish to assure Barbadians that the sector takes the security of personal data very seriously and incorporates best-practice processes and systems to this end.
Financial institutions have moved swiftly to contact the affected customers to take the necessary action, potentially including replacement of customers’ cards.
Currently, the Data Protection Act (2019) (the Act) outlines the obligations of Data Controllers (collectors of personal information e.g. commercial banks) and Data Processors (contracted by data controllers to process personal information e.g. credit card statement provider) where there are data breaches i.e. unauthorised access to personal information maintained by a data controller or a data processor. The Act gives financial institutions directions regarding the required course of action on communications, should the breach be as a result of their own internal systems.
However, in the recently reported incidents, the breaches did not result from unauthorised access to customers’ personal information held by the commercial banks in question. Rather, it appears to be related to a small number of online retailers whose websites are used by customers for online shopping.
Whether a breach is as a result of unauthorised access to a local bank’s systems or occurs when their clients are engaged with a third party, our members are committed to working with their customers to address impacts. Our members will always act in accordance with best practice and the law in alerting relevant parties. They will also act in good faith, communicating relevant information to the public, their partners and other members of the association.
Bank customers are also encouraged to do their part in safeguarding their personal data by continuing to take precautions to protect the security of their cardholder information by adopting the following:-
Whenever possible, refrain from saving credit card information on websites when purchasing items online
Make online purchases only from secure websites which carry the lock symbol and ‘https’ prefix in the URL
Use familiar websites
Cardholders are encouraged to use sites that require the unique three-digit card verification value code (CVV) that is usually found at the back of cards
Monitor your account and report any unrecognized transactions to your financial institution immediately.
Avoid making purchases over public WiFi networks
Be wary of Email Phishing and Smishing scams and associated dubious links.
Use complex passwords (a combination of letters, numbers and symbols)
Ensure your mobile device or laptop is using the latest software including Antivirus applications
We would like to reiterate to Barbadians the importance of assessing the security of websites on which they undertake financial transactions.
Additionally, some of our member banks also have alerts/notifications set up for when their customers’ credit/debit cards are used. As such, we encourage customers to liaise with their respective banks so that they can activate these notifications.
We wish to assure all Barbadians that the Association and our members, will continue to work with our partners as appropriate to ensure data safety and mitigate the novel methods by which hackers seek to gain access to cardholders’ data.