I haven’t seen this posted anywhere else…
I received in the mail today replacement Discover Cards for my wife and me. Our cards were not due to expire for quite a while. They were attached to a special-purpose mailing sleeve, not the generic sleeve they usually use when mailing out new cards. Some highlights of what’s printed on the sleeve (italics added by me):
“Destroy your current card because it will be deactivated shortly and you will no longer be able to use it for purchases.”
Why you’re getting a new card
Heartland Payment Systems, a company that processes credit card transactions for merchants, experienced a compromise. This incident did not involve any Discover card systems, and there is no evidence that an unauthorized individual is using this account number. Please be assured that, based on information received from Heartland Payment Systems, this incident cannot cause identity theft. Heartland Payment Systems has created a Web site to assist you with any questions you may have about this situation. Please visit 2008breach.com for more details.
To reduce the possibility of fraud on your account, we are issuing you a new card. For the security of your account, we replaced the security codes on your card without changing your account number. Discover continually monitors the security of the credit card environment so we can take preventive measures to better protect your account. As always, you are never responsible for unauthorized charges to your account through our $0 Fraud Liability policy.
While it may be true that this incident by itself is unlikely to cause identity theft for any particular cardholder, the fact of the matter is that when your credit card number, expiration date and (possibly) name is exposed to someone with nefarious intent, they’re a lot closer to being able to steal your identity than they were before.
I’m not sure whether to be concerned about the fact that they aren’t changing people’s account numbers. I suppose that changing the expiration date is sufficient, since the on-line card verification networks all check both the card number and expiration date.
I must say I’m a little puzzled by the fact that Discover waited to replace cards until eight months after the discovery of the breach. Many other card issuers started replacing cards within days of Heartland’s first announcement.