Friday, March 30, 2012

Huge credit card data breach could compromise as many as 10 million credit card numbers

It's been a while, but here we are again. A credit card data breach has just been reported, and depending on who you listen to, it could affect a massive number of credit card numbers.

The breach occurred at Global Payments, which processes credit cards AND debit cards for banks and merchants. The company's stock (GPN) took a major hit on Friday, dropping 9 percent before trading was halted.

According to the Wall Street Journal, the breach has put about 50,000 credit and debit cardholders at risk. However, Krebs on Security says that sources in the financial industry say that as many as 10 million credit card numbers may have been compromised.

VISA and MasterCard say that the Global Payments was compromised between Jan. 21, 2012 and Feb. 25, 2012. The alerts from the companies also indicated that full Track 1 and Track 2 data was stolen. What does that mean? It means that data was taken that could be used to counterfeit new credit cards.

MasterCard said, "MasterCard's own systems have not been compromised in any manner." The company will "continue to both monitor this event and take steps to safeguard account information."

VISA said, "There has been no breach of Visa systems, including its core processing network VisaNet." The company added that it has provided banks with affected account numbers "so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards."

While VISA and MasterCard handle transactions for banks that issue their cards and those that handle transactions for merchants, they don't issue cards directly to consumers nor do they loan funds to them in the form of revolving credit accounts, either. Thus, it will be up to the banks to contact affected consumers and take action.

This is the first huge breach of credit card systems since the Heartland Payment Systems breach of some three years ago. That breach dwarfs this one in size: it compromised 130 million credit card numbers vs. the currently estimated 10 million.

No comments: