Visa, Mastercard investigate massive credit breach

By Dan Kaplan on Apr 2, 2012 7:47 AM
Filed under Security

Could involve up to 10 million cards.

Visa and MasterCard are investigating a major breach of credit card numbers at a US payment processor, the size of which may exceed anything seen in at least three years.

Global Payments confirmed a breach which occurred in early March, but it did not reveal how many card numbers were involved.

"[The company] determined card data may have been accessed," said a statement. "It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimise potential cardholder impact."

The company's stock price dropped sharply following the news and a spokesperson did not respond to a request for comment.

The amount of victims is unknown. The Wall Street Journal reported some 50,000 cards were impacted, but security blogger Brian Krebs claimed the number could reach 10 million.

Avivah Litan, vice president and analyst at Gartner, said her sources within the payment industry said the breach was sustained by a New York City-based taxi cab/parking garage company, and was the work of a Central American gang.

"The taxi cabs generate millions of transactions over months," she said.

A city Taxi and Limousine Commission spokesman, Allan Fromberg, said he wasn't aware of any breach, but said there are 65 so-called "medallion agents" who lease taxi cabs to drivers.

They serve as merchants, as well, and contract with third-parties to process cab fares that are paid with credit card.

Visa, in its statement, said it was contacting "payment card issuers" with information about card numbers that may have been compromised.

PSCU, which provides financial services, such as bill payment solutions, to 680 credit unions, issued a security alert this week to its members after it was contacted by Visa.

The alert reported 46,194 of the compromised Visa card numbers belonged to PSCU customers, and the breach lasted from 21 January and 25 February. The 46,194 number dropped to 26,094 when accounting for duplicate, expired or invalid cards.

No matter the size of the breach, this appears to be the first massive incident involving stolen credit card data since Heartland Payment Systems was hit it to the tune of 100 million card numbers.

"Just when we thought it was safe to go back shopping," Litan joked.

Global Payments is planning an 8 a.m. EST conference call on Monday with investors.

This article originally appeared at scmagazineus.com

 
Follow us on Facebook and Twitter
 

Copyright © SC Magazine, US edition

Visa, Mastercard investigate massive credit breach
 
 
 
 
 
Top Stories
EMC takes custody of VCE as Cisco marriage falters
What will it mean for future of Vblock?
 
 
Cloud office vendor taps Ingram for Aussie assault
Intermedia 'gets serious' in Australia, hires first local employee.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Is Microsoft right to limit the reseller channel for Surface?

Latest Comments
CRN Magazine

Issue: 331 | September 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.