The Tribune

By MORGAN ADDERLEY

Tribune Staff Reporter

madderley@tribunemedia.net

THE Office of the Data Protection Commissioner yesterday expressed "grave concerns" over Royal Bank of Canada's confirmation that some of its Bahamian Visa debit and Visa credit card holders have fallen victim to "skimming," as it called on the bank to provide "further assurances" that it is taking sufficient measures to protect clients' personal information.

The data protection commissioner called for all customers who have been directly affected by the Royal Bank of Canada ATM scam to formalise their complaints by writing to the ODPC.

Tribune Business reported on Tuesday that RBC Director of Strategic and Corporate Communications for the Caribbean Jacqueline Taggart referred to the skimming incident as a "coordinated and aggressive criminal effort."

"The (ODPC) considers this act one of significant concern and hereby advises any and all data subjects who may have been directly affected, to formalise its complaint to our office in written form, so that the necessary steps may be taken to remedy any irregularity, involving the breach of one's personal information," the organisation's statement says.

It added this will help avoid any further risk exposure that could occur due to the reported "skimming" incident.

The ODPC said the protection of all data subjects' personal information is a "high priority" and said there must be "further assurances provided by banking institutions in general and RBC in particular."

It noted this is especially crucial as the number of cyber threats and data breach attempts continues to grow.

The ODPC said it has observed RBC's "ongoing commitment" to digitising its retail and personal banking division, and urged the bank to implement "comparable security measures" to its data subjects "for their ongoing confidence in the protection of their personal information".

In interviews with The Tribune yesterday, many RBC customers expressed concern following the bank's announcement.

A 34-year-old South Beach constituent who wished to be identified only as "Wallace" said he was affected by the data breach.

"I'm doing a project for (a) construction company, and I couldn't get paid," he said. "So I have my guys them home right now, they've been home for a couple days right now, until further notice. So, I had just got a cheque from them and I haven't got sort out as yet."

Wallace said RBC has been working quickly on the issue and has estimated he will be able to receive his money in two or three days.

Hadassah Johnson, 43, said the incident has made her question the safety of using ATMs.

"I've not been a victim, but I am a client," she told The Tribune. "And I am right now going in there to use the (ATM). And my first question was going to be 'is it safe?'…It's very scary right now."

Another RBC client who wished to be identified as "DK" said he initially thought the data breach report was a hoax, as he received no information on the matter from RBC.

"I've gotten no email, nothing on my online banking, because normally they would send information there," the 35-year-old South Beach constituent said. "So I figured it was a scam."

After realising the reports were true, DK said the issue concerned him, especially as he has banked with the company for approximately four years.

Centreville constituent Eric Sawyer III told The Tribune he called the bank to check his accounts and was told he wasn't affected.

He added this is the first incident of its kind he's been concerned about with RBC.

A 60-year-old woman who wished to remain anonymous told The Tribune she was the victim of a data breach in July.

When asked if she was informed of the matter by RBC, she said: "They didn't have to tell me that, I could find (it out) because I'm online. I find it myself."

The woman, who was living in Exuma at the time, said RBC was "very accommodating" and the money was swiftly returned to her account.

It is unclear how many people may have been affected by this skimming attack.

Ms Taggart told Tribune Business on Monday the vast majority of the bank's clients were not affected.

Skimming refers to the use of fraudulent methods to obtain customer details by "skimming" their debit and credit cards at point of use, whether ATM or point of sale.

As to the method in this instance she said: "I cannot say conclusively as we are still investigating, but to-date the skimming has been isolated to ATMs."