Heartland Payment Systems Security Breach

Information updated as of February 4, 2009

Security Alert — Heartland Data Breach

What happened?
Heartland Payment Centers, a company that processes debit and credit transactions for thousands of merchants nationwide, was subject to an illegal data intrusion. St. Mary’s Bank has been informed by Visa® that this data breach may potentially affect some St. Mary’s Bank debit card holders. This does not necessarily mean that data related to your account was taken or that fraud has occurred on your account.
The data breach potentially exposed card numbers, expiration dates and other data from the card’s magnetic stripe. In a small percentage of cases, the cardholder name may also have been exposed. No personal information linked to card numbers, such as social security numbers, PIN numbers, checking or savings account numbers were disclosed.

How does this impact me?
Please be assured that St. Mary’s Bank is actively monitoring the activity on your account to protect you from fraud. We use sophisticated fraud detection software that monitors every card transaction, 24-hours-a-day, seven-days-a-week.
You will be contacted if you need to take any action. As always, we strongly encourage you to review your monthly statement carefully and call us immediately if you see any suspicious activity. It’s also important to note that in the rare event fraud does occur, as a Visa® cardholder you are protected with Visa®’s Zero Liability* policy, which means you pay nothing for unauthorized purchases on your account.

Will my debit card be re-issued?
Not all St. Mary’s Bank Visa® Debit Cards are affected by this data breach. If any cards related to this breach, or other fraud-related concern, are identified for reissue, the affected card holders will receive a letter advising of the compromise and information regarding the card re-issue process. Please call our Member Contact Center 1.888.786.2791 if you have any questions.

Was my St. Mary’s Bank credit card involved?
Because we do not service the credit cards we do not have that information available. However, you may contact 1-888-295-5540 or the number on the back of any of your credit cards.

Has the security breach been fixed?
Yes. The affected party is working with Visa® and law enforcement to ensure no further information is exposed.

Can you tell me if my card information was stolen in this incident or if it has been used fraudulently?
Although certain card account data may have been exposed in this incident, it does not necessarily mean that data related to your account was taken or that fraud has occurred or will occur on your account. Appropriate action will be taken by St. Mary’s Bank if and when there is an increased potential for fraud. Affected debit card holders would be notified in writing.

Am I protected?
In partnership with Visa®, St. Mary’s Bank offers consumers multiple layers of security protection against fraud, including Visa®’s Zero Liability* policy, the ultimate protection for cardholders. With Zero Liability, consumers who notify us timely are not responsible for any unauthorized purchases made on their Visa® cards.

What can I do to minimize my exposure to fraud?
While we employ the latest systems and technology to monitor and prevent card fraud, and many processors and merchants also take the necessary precautions to protect your card information, there are some practical steps you can take to help protect yourself:

• Enroll in eStatements. eStatements are not sent by e-mail or by paper to an unsecure mailbox.  This will ensure that your account numbers remain behind a secure login. We use 128-bit encryption, which is the strongest level of encryption currently available for public use in the United States, to protect any information sent between you and us while you are logged in to our Online Banking Services. Access your eStatements using your secure online banking account log in. Plus, eStatements are environmentally friendly; saving paper, and ultimately saving trees and helping the environment!
• Check your account statement promptly and immediately report any transactions that you don’t recognize.
• Destroy all receipts before discarding them since some of them may have your card number printed on it.
• Guard your card — don’t use it as collateral or give out your card number to someone on the phone, unless you initiated the call for a purchase.
• Check your credit report at least annually to ensure its accuracy.

*Visa®’s Zero Liability policy covers U.S.-issued cards only and does not apply to ATM transactions or PIN transactions not processed by Visa®. Cardholders must notify card issuers promptly of any unauthorized use. Visit www.Visa.com/security.

Third Party Web Sites - Many links are provided for your convenience. St. Mary's is not responsible for the content, nor does it guarantee the products or services offered on third party sites. St. Mary's Bank Privacy Policy does not apply to linked web sites. Please consult the privacy disclosure of the third party site for further information.