Crisis management is a topic I address with frequency on this weblog as I realize that all companies mess up and have bad things happen, but how they respond, that’s the big difference between success and failure. I’ve also written about McDonald’s (NYSE: MCD) backed DVD rental startup Redbox before too.
Apparently the company had someone install a credit card skimmer on one of their devices and found it. Not good at all! What’s important is that I haven’t seen this news show up in the mainstream media (or blogosphere yet), so seeing how the company has notified its customers – even the vast majority of their customers who are unaffected by the problem – and is aggressively dealing with the issue is quite informative. Read on, this is the entire email sent out, then I have some additional commentary at the end…
To Our Valued Customers:
A few days ago redbox detected and removed an illegal credit card skimming device at one of our 7,400 locations. At the same time, redbox also discovered evidence of skimming attempts in two other locations. Skimming involves the placement of an illegal device above the credit/debit card reader on a vending machine, ATM, or in this case a redbox. These devices are used to illegally read or store personal credit card information.
Even if your redbox was not targeted, it never hurts to pay a little extra attention and check for any unusual activities or changes at your local redbox. If you suspect your redbox has been tampered with (click this link to see pictures of skimmer devices: http://www.redbox.com/creditcardsecurity/ ) please call 866-REDBOX3, e-mail email@example.com , or notify the store/restaurant manager of your concerns immediately.
Although there is no evidence currently that these skimming attempts were successful, consumer security is a top priority for redbox. Reviewing transaction records, there is a possibility that up to 150 customers may have been affected. Although only a small percentage of the millions of customers who use redbox each month, redbox has notified the major credit card companies so that they can monitor the situation. The redbox team is also working with local authorities to investigate the incidents and ensure your security.
Skimming is not new (click this link for more details: http://www.uboc.com/ ). It has been attempted numerous times on ATMs, gas station pumps, and now redbox has been targeted. Redbox has been aware of these industry threats and has spent significant time and resources to prepare for them. The 7,400 redbox locations are visited frequently by redbox associates to maintain smooth operations and an optimum customer experience. In this case, a redbox associate found evidence of skimming attempts and initiated the actions in the team’s response plan (including this e-mail message).
Redbox greatly values our customer relationships. As a result, redbox is open and direct in our communications about this type of situation. The redbox team also utilizes industry-leading technology to ensure you have a safe shopping experience and aggressively combats attempts by criminals to defraud customers. Please see the questions and answers below for some additional details on skimming and how redbox ensures the safety of your account information.
Director, Customer Service
Additional Questions / Answers:
Q. What is credit card skimming?
A. Skimming is the theft of credit card information used in an otherwise legitimate transaction. It often involves the placement of an illegal device above the credit/debit card reader on a vending machine, ATM, or in this case a redbox. For more info click these links:
Q. What does redbox do to protect consumer credit card information?
A. Redbox employs state-of-the-art security technology to ensure the privacy and security of our customers’ data before, during, and after their visit to our kiosks. Customer credit card information is encrypted the moment it’s swiped through our readers. Redbox uses further layers of encryption to protect all data transfers, too. Kiosks are also actively monitored and regularly inspected both on-site and remotely. Redbox never moves or stores unencrypted customer information. Credit card information can not be accessed by outsiders or even by redbox employees once the card is swiped at a kiosk.
Q. Where can I get more information on credit card skimmers?
A. Please use these links to get more information on credit card skimmers:
Q. How do I know if a skimmer is on my redbox?
A. Redbox credit/debit card readers are standardized for all locations. Click this link for pictures of the two approved readers and some examples of skimmer devices: http://www.redbox.com/creditcardsecurity/
Q. Who should I call if I have questions?
If you suspect your credit card information was improperly used, contact your financial institution immediately. If you have specific concerns related to this incident and redbox, please visit http://www.redbox.com/creditcardsecurity/ or call 866-REDBOX3. Please do not reply to this email.
So what do you think? Did they address the situation calmly, professionally, thoughtfully and effectively? I think so.