Visa and MasterCard Issue New Breach Warnings
Visa and MasterCard Issue New Breach Warnings: Via Threat Level
Visa and MasterCard have issued alerts warning of a security breach at another payment processor. The two credit and debit card issuers reportedly sent alerts earlier this month to banks and credit unions warning them that malicious software had been placed on the network of a second payment processor, according to an announcement posted by the Tuscaloosa VA Federal Credit Union. This would make it the second payment processor reporting a major breach in a month, following an announcement last month from Heartland Payment Systems that it had been hacked as well.
The breach involves stored transaction information for card-not-present transactions -- card transactions conducted over the phone or internet. The breach exposed card numbers and expiration dates, but not PINs or personally identifiable information stored on the card's magnetic stripe, such as the account holder's name. This limits the amount of fraud someone can conduct with the card since a fraudster would not be able to create a cloned card to use in person at a retailer and would have difficulty using it with an online merchant that asks for the security code printed on the back of the card or verification of the cardholder's billing address.
It's not known how many cards are at risk, but the announcement indicates that the malicious software was on the payment processor's system from February 2008 until last month.
The announcement says Visa and MasterCard are unwilling to name the processor because the processor hasn't gone public with the breach. Tuscaloosa Credit Union has not responded to a call for comment. Visa and MasterCard also have not returned calls for comment.
A second announcement on a web site for the Pennsylvania Credit Union Association says that Visa and MasterCard held a conference call with issuing banks on February 12 to discuss the new breach.
DataLossdb, a web site that tracks breach news, began reporting last week that it was receiving tips that a second payment processor had been breached. The tips vary on the size of the breach. Some indicated the breach was larger than the breach at Heartland Payment Systems. Others say it's a smaller breach.
In January, DataLoss had received tips about a breach at Heartland Payment Systems a week before the company acknowledged on January 20th that it had been hacked. More than a hundred financial institutions, and an unknown number of cardholders, have been affected by that breach.
Photo: Andres Rueda/Flickr
See also:
- Card Processor Admits to Large Data Breach
- Heartland Breach Affects 135 Banks and Credit Unions (So Far)
Read Original Article ( Via Threat Level. )
Twitter
Digg
StumbleUpon
Technorati
del.icio.us
Facebook
Furl
LinkedIn
YahooRecent blog posts
- In Bid to Sway Sales, Cameras Track Shoppers
- Unprecedented 25-Year Sentence Sought for TJX Hacker
- EFF Appeals Dismissal of Warrantless Wiretapping Case
- Viacom Makes Its Case Against Yesterday's YouTube
- Obama supports Senators draft plan to rework U.S. immigration policy - Includes National Biometric ID card for all.
- Domain Names Can't Defend Themselves
- Hacker Disables More Than 100 Cars Remotely
- Judges Approves $9.5 Million Facebook ‘Beacon’ Accord
- Hooking Up The Big Brother Machine... And Fighting It
- Court: State Can Dump Non-Sex Offenders Into Registry
