The number of big local banks forced to reissue customers' ATM/debit cards in recent days because of a security breach continued to grow yesterday, with PNC Bank and Citizens Bank adding their names to the list.

On Monday, National City confirmed it was reissuing an unspecified number of customers' cards after learning the card numbers had been stolen, leaving the accounts vulnerable to fraud.

National City and PNC ATM/debit cards, also known as check cards, carry the Visa brand, while Citizens cards carry the MasterCard logo.

PNC, National City and Citizens are the region's three largest banks.

Among the nation's biggest banks, Citigroup, Bank of America and Washington Mutual were among those acknowledging a similar problem.

Visa USA has issued a statement tying the breach to an unnamed U.S. retailer. Published reports yesterday identified the retailer as OfficeMax, citing unnamed sources. Those reports also quoted an OfficeMax spokesman as denying the claim. Yesterday, the spokesman didn't return a telephone call or respond to an e-mail seeking comment.

Visa has said only a small percentage of large merchants were complying with industry guidelines for properly storing customers' card data, leaving the information vulnerable to computer hackers.

New York-based Citigroup, the country's biggest bank, said it canceled thousands of MasterCard-branded cards after detecting fraudulent withdrawals in Britain, Russia and Canada last month. The bank said it believed the problem stemmed from breaches at multiple U.S. retailers, which it declined to name.

None of the local banks would say how many cards were affected, although the actual number of accounts hit by fraud appears to be small.

The most recent wave of card cancellations follows a similar incident in January when PNC reissued an unspecified number of cards after discovering funds had been stolen from a "limited number" of accounts through overseas transactions.

Investigators are trying to determine if that situation is related to this month's problem, a PNC spokeswoman said yesterday.

The banks emphasized that customers are not liable for unauthorized transactions. Still, under federal regulations, customers bear some responsibility for reporting suspicious transactions to their bank on a timely basis.

Customers generally have 60 days from receiving their statements to make a report, according to spokesmen for the three big local financial institutions. Banks typically provide some leeway in that time frame, such as when customers are traveling abroad.