A processor of credit and debit cards, Global Payments Inc., has reportedly been hit by a security breach, The Wall Street Journal is reporting.
Bloomberg News reported that trading was halted in its stock as the credit card industry investigated the data breach. “Global Payments fell 9.1 percent to $47.50 whentrading was halted in New York, after earlier plunging more than 13 percent,” Bloomberg said.
The company, with regional offices in Atlanta, could not be reached for comment.
MasterCard confirmed on Friday that it was investigating “a potential account data compromise event of a U.S.-based entity,” and that law enforcement had been notified.
A spokesman for the U.S. Secret Service confirmed that it was investigating the matter, but “was not at liberty” to elaborate.
“We have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk,” MasterCard said in a statement.
An independent data security organization is conducting a forensic review,” MasterCard noted, adding, “It is important to note that MasterCard’s own systems have not been compromised in any manner.”
The statement confirmed an earlier Krebs on Securityreport that MasterCard and Visa alerted member banks of a “massive” security breach at a credit card processor.
A Visa spokeswoman emphasized in an email: “that there is no issue or impact to Visa’s systems or our processing network VisaNet. This is an issue with a third-party.”
Brian Krebs, who runs www.krebsonsecurity.com site, reported that his sources in the financial sector said the breach might involve more than 10 million compromised card numbers.
MasterCard and Visa sent alerts to banks, Krebs reported, saying the card processor was compromised between Jan. 21-Feb. 15. Banks are reviewing transaction data to try to determine a common point of purchase, he said.
“Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area,” Krebs said.
The private alerts also said that full Track 1 and Track 2 data was taken – meaning that the information could be used to counterfeit new cards, Krebs said.
In an interview, Krebs said he had been “sitting on the story for a week,” to obtain more information. So far, he has not been able to identify the card processor. He did not hear back from MasterCard or Visa, and said, “I don’t anticipate hearing from them.”
It is not clear how many cards were breached, Krebs said, but on Wednesday, PSCU — a provider of online financial services to credit unions — “said it alerted 482 credit unions that appear to have had cards impacted by the breach, and that a total of 56,455 member VISA and MasterCard accounts were compromised.”
PSCU said fraudulent activity had been detected on a relatively small number of those cards — 876 accounts — and that the activity was geographically dispersed, Krebs said.
Cardholders, he pointed out in the interview, are not on the hook for fraudulent purchases. Still, he added, “people should always keep an eye on their statements,” and report suspicious transactions immediately.
In its statement, Visa said: “It’s important for U.S. Visa consumer cardholders to know they are protected against fraudulent purchases with Visa’s zero liability fraud protection policy, which exceeds federal safeguards. As always, Visa encourages cardholders to regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity.
Tags:Brian Krebs, business, Credit Card, Credit Card Processor Hit by Data Breach Trading Halted, fraud, Global Payments Inc, has reportedly been hit by a security breach, investing, mastercard, Mastercard (Photo credit: Wikipedia)AA processor of credit and debit cards, personal finance, Retail, security breach, Tech, The Wall Street Journal is reporting. A processor of credit and debit cards, The Wall Street Journal is reporting. Bloomberg, visa
