Skip to main content

Some banks would not make any specific comments on the Home Depot situation, saying only that they have taken precautions to minimize any impact from the breach.

Justin Sullivan/Getty Images

The massive security breach at retailer Home Depot Inc., which affected as many as 56 million debit and credit cards across North America, has not resulted in a substantial boost in fraud in Canada.

Canadian financial institutions say they have so far seen little or no increase in fraud cases involving payment card as a result of the breach, which began in April.

National Bank of Canada said it has "identified a few hundred MasterCard credit cards to replace as a preventative measure," related to the Home Depot issue. Otherwise the bank is not taking any special measures, said spokesman Jean-François Cadieux said.

Story continues below advertisement

Bank of Nova Scotia spokeswoman Patty Stathokostas said her bank has seen "some instances of unusual activity" and it is closely monitoring customers' accounts. It is working with customers who may have been affected "to ensure their accounts are protected," she said.

Other financial institutions said they have seen no unusual rates of fraud.

There is "no uptick" in credit or debit card fraud among customers of Canadian Imperial Bank of Commerce, spokeswoman Caroline Van Hasselt said, noting that any clients who are concerned can get their cards replaced.

At Vancouver City Savings Credit Union, the country's largest credit union, "we are not seeing any unusual increase in credit card or debit card fraud as a result of the Home Depot security breach," said media relations consultant Lorraine Wilson.

Some banks would not make any specific comments on the Home Depot situation, saying only that they have taken precautions to minimize any impact from the breach.

One reason why Canadians may be less exposed to the Home Depot breach, said Toronto-Dominion Bank public affairs manager Meghan Thomas, is the prevalence of "chip and PIN" technology in this country. Most cards in Canada have electronic chips and require cardholders to type in a personal identification number when they buy something, making them less exposed to fraud than clients in the United States where that technology is not in as widespread use.

Raymond Vankrimpen, head of the risk management practice at Richter Advisory Group Inc. in Toronto, said the hack of the Home Depot computers didn't allow the criminals to get PIN numbers, so those cards that have them are less likely to see fraudulent transactions. PIN cards are "more difficult to exploit in big batches like what happened at Home Depot," he said.

Story continues below advertisement

Home Depot said last week that the cause of the breach was "unique, custom-built malware" used by criminals, but the bug has now been eliminated from its computer systems. Enhanced encryption has been completed at U.S. stores and will be in Canadian stores by early 2015.

Security blogger Brian Krebs initially reported the Home Depot breach in early September, when he said an analysis of card data posted on a "cybercrime store" website strongly suggested that a spate of stolen credit card information put up for sale came from the retailer. A few days later he said financial institutions in the United States were reporting a steep increase in fraudulent bank machine withdrawals, and these could be related to the Home Depot breach.

The Wall Street Journal reported this week that the data breach at Home Depot has started to trigger a flood of fraudulent transactions across the United States, as criminals use stolen credit card data to buy goods.

All the Canadian banks have made it clear that customers will not be held liable for an unauthorized or fraudulent transactions on their accounts. They also suggest cardholders carefully monitor their accounts for unusual transactions.

The Canadian Bankers Association said it collects annual credit card fraud stats from Visa, MasterCard and American Express, but it doesn't track fraud down to the specific incident. That is up to each bank to deal with, a spokeswoman said.

Report an error Editorial code of conduct
Tickers mentioned in this story
Unchecking box will stop auto data updates
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

Cannabis pro newsletter