Information about Merchant Data Breaches
Your security and privacy are our highest priorities. Here you’ll find answers to your questions on how we safeguard your banking information, keep your data protected, and what you can do to help.
FAQs about Merchant Data Breaches
- What is a merchant data breach?
A merchant data breach is an intrusion into a merchant’s computer system(s) or access to physical cardholder data where unauthorized disclosure, use, destruction or theft of cardholder data is suspected.
- How do merchant data breaches happen?
Data breaches can happen accidentally, as they do when a security system fails, or because of theft of electronic data, equipment or documents. A system failure might happen because of a software application security malfunction, failure or breach of card processing security protocols. Data breaches can also happen because criminals target secure information to gain unauthorized access, whether through phishing or social engineering attacks, hacking or other means.
- Can you give me details about the breach that affected my card?
When KeyBank is notified of a merchant data breach that may impact our clients’ cards, we do not receive detailed information about the specific merchants involved or the nature of the breach. Since the breach happens outside of KeyBank and its systems, we do not have specific details of what occurred. KeyBank is only alerted that a card appears on a list of cards potentially compromised by a data breach at another business, merchant, or institution where the card was used. When that happens, we take proactive action to reissue those cards as a precaution.
- What does KeyBank do to safeguard my information?
To safeguard your information, we use:
- Industry-leading cybersecurity tools, practices and technology
- Multifactor identification practices that protect clients’ identities
- Our Cyber Defense Center, which tracks the latest threats
- Our Fraud Prevention Services group, which monitors client accounts proactively for suspicious activity
- How can I safeguard my information?
There are some best practices you can follow to keep your accounts as secure as possible. Make sure to keep your account information private, choose complex passwords for online accounts and update them regularly. To learn more about staying secure, please visit our consumer security page.
- How can I stay informed about my account activity?
To stay informed about your account activity, we recommend that you monitor your account regularly in online and mobile banking. You can review your statements whether you receive them by mail, online or at an ATM. You can also call us to check recent transactions.
In addition to monitoring your account activity regularly, you can choose to receive Account Alerts via texts or emails from KeyBank when certain activities happen on your accounts. Alerts reduce the risk of identity theft and fraud by letting you know when a change has been made to your account.
- What happens if I have an unauthorized charge on my card?
If you notice an unauthorized transaction on your account, report it by calling 1-800-KEY2YOU® (1-800-539-2968) and following the prompts for fraudulent activity.
- Does KeyBank periodically call clients?
KeyBank may call you to verify recent account transactions when suspicious transactions are noticed. We use best practices for security when we call clients, so when we contact you, we will never ask you to provide or verify your:
- Full Social Security or account numbers
- One-time password
- Username or password
- Answers to security questions over the phone