MasterCard, Visa Notify Issuers of Potentially Massive Security Breach
March 30, 2012
Visa and MasterCard today confirmed they have been contacting issuing banks in response to a breach at a “third party entity.” The Wall Street Journal , quoting unnamed sources “with knowledge of the situation,” is reporting that Atlanta-based payments processor Global Payments Inc. is the source of the breach. Krebs on Security originally reported the breach and said it could possibly affect 10 million credit and debit card accounts, though other reports say the number of compromised accounts is closer to 50,000. The card networks’ notifications to their issuers state that full Track 1 and Track 2 data was taken and the breach probably compromised the processor between Jan. 21 and Feb. 25.
CNP merchants often invest significant time and money in systems to minimize their exposure to fraud. And, when a breach happens, generally a retailer, after getting some information, can tweak those anti-fraud platforms to respond to specific breaches, according to Don Bush, marketing director of Boise, Idaho-based anti-fraud technology provider Kount.
“If you’re a merchant, you don’t want to scare your customers unnecessarily,” Bush tells CardNotPresent.com. “Working with the banks and payment providers to assess the scope of the breach and the information that was compromised is the best way to go.”
Once a merchant has gathered the available information, new rules can be written for its anti-fraud software that flag transactions made by cards accounts that conform to the new parameters for further review, minimizing exposure to that specific type of breach.
Bush admits, though, that often it’s difficult to obtain accurate information about breaches from the issuers or service providers. In the case of the breach reported today, MasterCard and Visa both say in statements they have alerted issuers regarding the accounts that are potentially at risk. Global Payments Inc. has not yet issued a statement on the matter.