Likely Visa, MasterCard security breach linked to third-party processor


Likely Visa, MasterCard security breach linked to third-party processor Staff

Visa and MasterCard confirmed Friday they’ve alerted banks of a potential data breach involving a third party and affecting major credit card brands. Both companies said the breach did not involve their own systems.

The credit card security breach

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

was first reported by investigative reporter Brian Krebs. In a blog post, he reported the Visa, MasterCard security breach involved a U.S.-based credit card processor and affected potentially more than 10 million card numbers. The Wall Street Journal on Friday identified the third-party credit card processor as Atlanta-based Global Payments Inc., but said up to 50,000 card numbers may have been affected.

“Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards,” Visa said in its statement.

MasterCard said law enforcement has been notified and “the incident is currently the subject of an ongoing forensic review by an independent data security organization.”

Avivah Litan, vice president and distinguished analyst at Gartner, wrote in a blog post that people in the card data business told her they’re seeing signs of a “breach mushroom.”

“From what I hear, the breach involves a taxi and parking garage company in the New York City area, so if you’ve paid a NYC cab in the last few months with your credit or debit card -- be sure to check your card statements for possible fraud,” she wrote.

The breach illustrates that knowledge-based authentication shouldn’t be relied on; a layered authentication approach is always best, Litan said.

“I heard (and this may not be factual) that the crime was perpetrated by a Central American gang that broke into the company’s system by answering the application’s knowledge-based authentication questions correctly. Looks like the hackers took over an administrative account that was not protected sufficiently,” she said.