Banks have strict regulations regarding data security
Unlike other industries, banks have a strict regulatory system in place to address security and consumer notification. In fact, every bank in the U.S. is audited on a regular basis to make sure they are in compliance with these rules.
The rules were issued in March 2005 by federal financial institution regulators including the Federal Reserve, the FDIC and the Office of the Comptroller of the Currency. They require that:
Banks immediately investigate breach incidents and determine if any fraud has occurred or even if it is "reasonably possible." If so, customers must be notified as soon as possible, unless law enforcement tells the bank that an investigation would be endangered by the notice.
Regardless of the likelihood of misuse, banks must always notify their regulator when illegal access occurs so that they can monitor the situation.
If misuse of the data is unlikely, no notice is required. This is intended to minimize customer inconvenience and prevent undue alarm. Unnecessary warnings could run the risk of creating a "cry wolf" attitude to future notices.
Customers are protected
Banks use a combination of safeguards to protect customer information – such as employee training, employee accountability, strict privacy policies, rigorous security standards, encryption, and fraud detection software.
Banks have sophisticated software that can detect fraudulent transactions even before the customer may notice. Called "neural network" technology, this software can detect unusual spending patterns and alert bank employees, who then can contact the customer and protect their account.
Consumers are protected against losses. When a consumer reports an unauthorized transaction, the bank will cover the loss and take measures to protect your account. You can help to maintain your privacy by taking steps to protect your account and PIN numbers.