If there is one thing that can be said for Target, it is that they handled the data breach responsibly. Was it a perfect response? No, but unless the corporation can reliably get all the data back without any possibility of harm to customers, it can’t be perfect. Impossible. But they did notify quickly and publicly, sent emails to all affected and tried to soften the blow (or at least boost PR) by offering a discount the following Saturday. Based on past responses from other corporations, this was refreshing.

But how did your bank react? Now that millions of people know that their credit and debit cards have been compromised, they have looked to their banks for help (and solace?). As Brian Krebs has noted, some banks are actually attempting to buy back their affected cards. That’s great — but do the customers of those specific cards get notified? Did your bank send out a proactive email telling you that your card was affected in the first place? Is there information on their website? Are you urged to monitor your statement? Change your card? Are you guaranteed that any monies determined to be due to this breach will be returned to your account?

Or did you have to try to contact the bank to get information or to cancel your card? How much fun was waiting on hold with the rest of the customers panicking about the same issue?

On the whole I am fairly happy with how my own bank handled the issue, with an announcement immediately upon login as well as a promise that any damages would be fully reimbursed. They don’t recommend requesting a reissued card unless they determine the card to be at risk, but I am concerned that since I do have a receipt from December 15th my card is indeed amongst those affected. (I couldn’t have waited one more day?!)

My ideal reaction would have been that the bank proactively determined which cards were affected and sent out alert emails to those customers. Any debit cards involved should be immediately considered priority and new cards sent out, and based on the holiday shopping season, allowed compromised cards to function until the new ones were activated as long as no fraudulent charges were noted. Because the banks know about the exploit and have the ability to determine which cards were affected, there should be no question that any funds lost should be returned to the customer.

How did your bank handle this? I’d love to know. I consider it a bellwether for how the increasing number of similar exploits will be handled in the future.

Every bank is considering how to deal with hackers and prevent computer aided fraud, but which ones are putting the most effort into protecting and reassuring the customers? Would you choose banks based on transparency and proactive customer service in the face of cyber fraud?