Archive for March, 2012

MasterCard, Visa warn of cardholder data breach

NEW YORK (AP) — MasterCard and Visa said Friday that they had notified issuers of its credit cards of a potential breach of the security of customer accounts. The companies did not say how many customers were affected.

Global Payments Inc., which processes credit card transactions for stores, said it had detected a breach of card data in early March. Breaches of card data can lead to identity theft and unauthorized charges.

Global Payments said it had alerted federal law enforcement and was investigating. Spokeswoman Amy Corn would not say whether cards besides Visa and MasterCard were affected.

Global Payments stock was halted after published reports said it was responsible. The stock fell 9 percent for the day before trading was stopped.

Credit card companies generally protect customers against fraudulent transactions, and Visa said specifically Friday that its U.S. customers were not at risk. Both Visa and MasterCard said their own systems had not been compromised.

Last June, hackers stole information for 360,000 credit card accounts at Citigroup. In the past year, there have been high-profile data attacks against the International Monetary Fund, National Public Radio, Google and Sony’s PlayStation Network.

Article source: http://www.mysanantonio.com/news/article/MasterCard-probes-possible-cardholder-breach-3447249.php

,

No Comments

‘Massive’ credit card data breach involves all major brands


NEW YORK (CNNMoney) –

A data breach at a payments processing firm has potentially compromised credit and debit card information from all of the major card brands.

Global Payments, a company that processes card transactions, confirmed late Friday that “card data may have been accessed.” It says it discovered the intrusion in early March and “promptly” notified others in the industry.

Global Payments did not say how many accounts were affected, or what kind of information was compromised. A U.S. Secret Service spokesman said Saturday that the agency is investigating the incident.

A Wall Street Journal report from earlier Friday saying that Global Payments had been hacked sent the company’s shares down 9% before trading was halted. The stock did not resume trading before the market closed.

Global Payments did not say which card companies were affected, but Visa released a statement saying that it was all of the big players.

“Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands,” it said.

When a customer swipes a credit card, the data is sent to a payment processor like Global Payments, which then forwards the transaction information to card companies like Visa and MasterCard.

That’s a massive business: Global Payments processed $167.3 billion worth of transactions in its last fiscal year, which ended May 31, 2011. Global Payments specializing in serving small merchants, like mom-and-pop businesses and local retailers.

It emphasized that none of them were to blame for the data leak.

“It is crucial to understand that this incident does not involve our merchants or their relationships with their customers,” Global Payments said.

Article source: http://www.wmtw.com/news/money/-Massive-credit-data-breach-involves-major-brands/-/8791814/9830044/-/hrc5x6z/-/

,

No Comments

Massive US data breach


Four giant card-payment processors and large US banks that issue debit and credit cards were hit by a data-security breach after third-party services provider Global Payments Inc discovered its systems were compromised by unauthorised access.

It was not immediately clear how many cardholders became victims of the breach, which affected MasterCard, Visa, American Express Co and Discover Financial Services, as well as banks and other franchises that issue cards bearing their logos.

US law enforcement authorities including the Secret Service are investigating and MasterCard said it has hired an independent data-security organisation to review the incident.

The shares of Atlanta-based Global Payments, which acts as a credit-checking middleman between merchants and card processors, were halted on Friday afternoon after dropping more than 9 percent on the news.

MasterCard shares fell 1.8 per cent to close at US$420.54, Visa shares dropped 0.8 per cent to US$118, American Express shares fell 0.1 per cent to US$57.86, while Discover rose 1.2 per cent to US$33.34.

Analysts said any financial losses from the data breach would be shouldered by merchants, card issuers and Global Payments rather than Visa or Mastercard, which operate payment networks.

Global Payments said it determined that an unauthorised entity had accessed its systems and possible customer card data in early March. Krebs on Security, a blog that first reported the incident on Friday, said accounts had been compromised for over a month, between January 21, 2012 and February 25, 2012.

Global Payments is holding an investor conference call Monday morning (local time) to discuss the issue.

This Global Payments breach is just the latest in a long string of incidents that have put the personal information of millions of credit and debit cardholders at risk.

Individual banks and processors said they had not yet determined the full extent of the breach, but Krebs on Security described it as a “massive” breach that may affect more than 10 million cardholders.

Some industry experts suggested the figure might be much less, perhaps on the order of tens of thousands. Bernstein Research analyst Rod Bourgeois noted that Global Payments is a relatively small player in the transactions services industry, servicing 800,000 merchants with a 3.5 percent market share. By contrast, the largest competitor, First Data, services millions of merchants, with 22.6 per cent of the market.

JPMorgan Chase Co, as well as American Express and Discover, which issue their own cards, said they are monitoring customers’ accounts and would issue new cards to anyone whose information may have been compromised.

Citigroup said it has been notified by processors of the breach. Bank of America Corp declined to comment on the matter and Wells Fargo Co said it was too early to comment on the impact.

Banks and processors emphasised customers would not be held liable for any fraudulent charges that may occur.

Mike Simonsen, the Chief Executive of real-estate research company Altos Research, said he may have been a victim.

Simonsen said he was contacted by his bank, Bank of America Corp, last week about his Visa card. Although there were no unauthorised transactions, the representative told him a vendor or law enforcement agency had flagged his account as compromised and so he would receive a new one.

“It was very unusual,” he said.

– Reuters

Article source: http://www.stuff.co.nz/marlborough-express/business/national/6672800/Massive-US-data-breach

,

No Comments

Credit card data breach warned

NEW YORK — MasterCard and Visa said Friday that they had notified issuers of its credit cards of a potential breach of the security of customer accounts. The companies did not say how many customers were affected.

Global Payments Inc., which processes credit card transactions for stores, said it had detected a breach of card data in early March. Breaches of card data can lead to identity theft and unauthorized charges.

Global Payments said it had alerted federal law enforcement and was investigating. Spokeswoman Amy Corn would not say whether cards besides Visa and MasterCard were affected.

Global Payments stock was halted after published reports said it was responsible. The stock fell 9 percent for the day before trading was stopped.

Credit card companies generally protect customers against fraudulent transactions, and Visa said specifically Friday that its U.S. customers were not at risk. Both Visa and MasterCard said their own systems had not been compromised.

Last June, hackers stole information for 360,000 credit card accounts at Citigroup. In the past year, there have been high-profile data attacks against the International Monetary Fund, National Public Radio, Google and Sony’s PlayStation Network.

Article source: http://www.postcrescent.com/article/20120331/APC03/203310543/Credit-card-data-breach-warned

,

No Comments

‘Massive’ Credit Card Data Breach Involves All Major Brands


NEW YORK (CNNMoney) — A data breach at a payments processing firm has potentially compromised credit and debit card information from all of the major card brands.

Global Payments, a company that processes card transactions, confirmed late Friday that “card data may have been accessed.” It says it discovered the intrusion in early March and “promptly” notified others in the industry.

Global Payments did not say how many accounts were affected, or what kind of information was compromised. A law enforcement investigation is ongoing.

sponsor

A Wall Street Journal report from earlier Friday saying that Global Payments had been hacked sent the company’s shares down 9% before trading was halted. The stock did not resume trading before the market closed on Friday.

Global Payments did not say which card companies were affected, but Visa released a statement saying that it was all of the big players.

“Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands,” it said.

When a customer swipes a credit card, the data is sent to a payment processor like Global Payments, which then forwards the transaction information to card companies like Visa and MasterCard.

That’s a massive business: Global Payments processed $167.3 billion worth of transactions in its last fiscal year, which ended May 31, 2011. Global Payments specializing in serving small merchants, like mom-and-pop businesses and local retailers.

It emphasized that none of them were to blame for the data leak.

“It is crucial to understand that this incident does not involve our merchants or their relationships with their customers,” Global Payments said.

It plans to hold a conference call Monday morning to provide more details on the debacle.

‘Massive’ breach? News of the breach was first reported by the respected security blog Krebs on Security. The blog said the breach was “massive,” and could involve more than 10 million card numbers.

“I’ve spoken with folks in the card business who are seeing signs of this breach mushroom,” Gartner security analyst Avivah Litan wrote Friday in a blog post.

Her sources say the hackers have begun using some of the card data they stole, Litan added.

When payment processors get hacked, the shrapnel can spread far. The record holder for the largest-ever breach is believed to be a 2008 attack on Heartland Payment Systems, in which an estimated 130 million customer accounts were compromised.

Heartland eventually paid more than $110 million to Visa, MasterCard, American Express and other card associations to sette claims related to the breach.

In regard to the Global Payments breach, MasterCard said it has alerted payment card issuers “regarding certain MasterCard accounts that are potentially at risk.”

Visa released a statement saying it too has provided card issuers with notifications about accounts that could be affected. The issuers “can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards,” it said.

Both MasterCard and Visa emphasized that their own networks had not been penetrated.

Discover and American Express each released short statements saying they are aware of the situation and are monitoring customer accounts for suspicious activity.

In data breach situations, credit card companies generally offer affected customers fraud monitoring services at no cost — and customers aren’t on the hook for any fraudulent charges. The card issuers themselves are responsible for those costs.

Questions about industry standards: Several security researchers said the breach is a prime example of why the current Payment Card Industry Data Security Standard (PCI-DSS) is inadequate.

“Expect to see yet another round of almost religious fervor in the debate over the real value of PCI-DSS,” Geoff Webb, director of product marketing at data-protection company Credant Technologies, said in an email.

Cybercriminals “are constantly looking for opportunities to identify and attack sites where there is a weakness in security — just like a predator looks out for the weakest member of the herd,” he added.

Litan, the Gartner analyst, is skeptical about whether the credit card industry will invest the money and time required to switch to a more secure system, like “smart cards” embedded with chips, which are used in some foreign countries.

“It’s cheaper for them to deal with these breaches than to make all those chip cards,” Litan told CNNMoney. “We’ve had all of these breaches, but there have not been any significant attempts to change the situation. The information is easy to steal, and cards are easy to use, so it’s like free money for criminals.”


Article source: http://www.10news.com/nationalnews/30804090/detail.html

,

No Comments

REVEALED: Data Breach Cost OZ $2.1M EACH


Telstra suffered a high profile data breach last year.
“Malicious or criminal attacks” were the top data breaches (36%) Australian business experienced and the most expensive last year, costing a massive $183 per record lost.

The average cost to an organisation from data breaches was a whopping $2.16 million.

Costs of lost or stolen data also jumped $10 to $138 (per record) in 2011 and affected 36% of all org’s, while other causes of data breaches were “individual negligence and system glitches” – each accounting for 32% of local breach incidents, compared to 39% in the US.

Many data breaches involved mistakes by third parties including outsourcers, cloud providers and business partners, according to Symantec study which quizzed 22 Oz companies from ten different industries.

This comes as several high profile data breaches occured in the last year including Telstra, which the Privacy Commissioner is still investigating, which saw close to one million Big Pond customers details available freely online.

Read: Telstra Under Scrutiny By Privacy Watchdog

“The large volume of data breach incidents occurring over the last year has put data breaches high on the agenda for Australian executives,” said Craig Scroggie, Symantec vice president and MD, Pacific.

Businesses need to focus on policies and technologies that improve their ability to prevent and detect data breaches and take steps to repair any reputational damage after a data breach has occurred, which can significantly reduce asociated costs.

Costs relating to reputational damage, diminished goodwill and increased customer acquisition activities also increased sharply last year, the study also found, and rose by 22% to to $840,000.

While countries including the US are experiencing a decrease in the cost of a data breach, Australia’s costs continue to rise, Scroggie warned.

Page: [1] 2 3 | Next Page

Article source: http://smarthouse.com.au/Home_Office/Industry/E3S6E6E8

,

No Comments

MasterCard, Visa warn of cardholder data breach


By PALLAVI GOGOI

The Associated Press

— MasterCard and Visa said Friday that they had notified issuers of its credit cards of a potential breach of the security of customer accounts. The companies did not say how many customers were affected.

Global Payments Inc., which processes credit card transactions for stores, said it had detected a breach of card data in early March. Breaches of card data can lead to identity theft and unauthorized charges.

Global Payments said it had alerted federal law enforcement and was investigating. Spokeswoman Amy Corn would not say whether cards besides Visa and MasterCard were affected.

Global Payments stock was halted after published reports said it was responsible. The stock fell 9 percent for the day before trading was stopped.

Credit card companies generally protect customers against fraudulent transactions, and Visa said specifically Friday that its U.S. customers were not at risk. Both Visa and MasterCard said their own systems had not been compromised.

Last June, hackers stole information for 360,000 credit card accounts at Citigroup. In the past year, there have been high-profile data attacks against the International Monetary Fund, National Public Radio, Google and Sony’s PlayStation Network.

___

March 30, 2012 05:06 PM EDT

Copyright 2012, The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Article source: http://www.palmbeachpost.com/money/mastercard-visa-warn-of-cardholder-data-breach-2271832.html

,

No Comments

MasterCard, Visa investigate possible data breach

Global Payments did not return calls seeking comment. The Krebs blog said the incident occurred between Jan. 21 and Feb. 25.

MasterCard would not say how many cardholders might have been affected by the attack. The card companies said they had alerted banks and law enforcement officials to the breach, and emphasized that their own systems had not been compromised.

”We have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk,’’ MasterCard said in a statement. A Visa representative said ‘‘there has been no breach of Visa systems.’’

The Secret Service said it was investigating the incident.

The bank official said that Visa and MasterCard notified his company Thursday, but that banks had been frustrated with the pace of disclosure by Global Payments. He said they had provided little information on where the breaches took place, how accounts were hacked and other details that might indicate which customers might be vulnerable.

”You can understand common places where cards are used,’’ he said. ‘‘But we haven’t gotten that.’’

The investigation by the card companies highlights concerns about the vulnerability of electronic financial data particularly as banking customers migrate to mobile payments.

As financial services companies have improved security over the past year, criminals have aimed at a specific part of the credit card system: the payment processors that act as a bridge between banks and retailers. Security consultants say that the sophistication of these attacks is increasing, holding the potential for a growing wave of attacks intended to grab valuable financial data.

”Hackers are well aware that these systems don’t have the same sophisticated levels of security as the banks,’’ said Tom Kellerman, a vice president at Trend Micro, a computer security company. ‘‘The payment processors have become their Achilles’ heel.’’

Last year, hackers attacked Citigroup, capturing names, account numbers, email addresses and transaction histories of thousands of customers.

The attack was aimed at a third-party vendor that processed credit and debit card payments for retailers and merchants. Such vendors have been a favored target of hackers because they are a repository for rich veins of cardholder data.

The latest episode is reminiscent of a breach at Heartland Payment Systems that began in 2007 but was not fully discovered and disclosed until 2009. In that case, hackers are estimated to have stolen 130 million consumer credit card records. Heartland estimated that the breach cost it $140 million in fines, settlements and legal fees.

Article source: http://bostonglobe.com/business/2012/03/30/mastercard-investigates-potential-data-breach/OAuYZZpLjGTqqqlniV0zeM/story.html

,

No Comments

‘Massive’ Credit Card Data Breach Involves All Major Brands

Posted: 12:27 pm CDT March 30, 2012Updated: 3:56 pm CDT March 30, 2012

NEW YORK (CNNMoney) — A data breach at a payments processing firm has potentially compromised credit and debit card information from all of the major card brands.

Global Payments, a company that processes card transactions, confirmed late Friday that “card data may have been accessed.” It says it discovered the intrusion in early March and “promptly” notified others in the industry.

Global Payments did not say how many accounts were affected, or what kind of information was compromised. A law enforcement investigation is ongoing.

A Wall Street Journal report from earlier Friday saying that Global Payments had been hacked sent the company’s shares down 9% before trading was halted. The stock did not resume trading before the market closed on Friday.

Global Payments did not say which card companies were affected, but Visa released a statement saying that it was all of the big players.

“Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands,” it said.

When a customer swipes a credit card, the data is sent to a payment processor like Global Payments, which then forwards the transaction information to card companies like Visa and MasterCard.

That’s a massive business: Global Payments processed $167.3 billion worth of transactions in its last fiscal year, which ended May 31, 2011. Global Payments specializing in serving small merchants, like mom-and-pop businesses and local retailers.

It emphasized that none of them were to blame for the data leak.

“It is crucial to understand that this incident does not involve our merchants or their relationships with their customers,” Global Payments said.

It plans to hold a conference call Monday morning to provide more details on the debacle.

‘Massive’ breach? News of the breach was first reported by the respected security blog Krebs on Security. The blog said the breach was “massive,” and could involve more than 10 million card numbers.

“I’ve spoken with folks in the card business who are seeing signs of this breach mushroom,” Gartner security analyst Avivah Litan wrote Friday in a blog post.

Her sources say the hackers have begun using some of the card data they stole, Litan added.

When payment processors get hacked, the shrapnel can spread far. The record holder for the largest-ever breach is believed to be a 2008 attack on Heartland Payment Systems, in which an estimated 130 million customer accounts were compromised.

Heartland eventually paid more than $110 million to Visa, MasterCard, American Express and other card associations to sette claims related to the breach.

In regard to the Global Payments breach, MasterCard said it has alerted payment card issuers “regarding certain MasterCard accounts that are potentially at risk.”

Visa released a statement saying it too has provided card issuers with notifications about accounts that could be affected. The issuers “can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards,” it said.

Both MasterCard and Visa emphasized that their own networks had not been penetrated.

Discover and American Express each released short statements saying they are aware of the situation and are monitoring customer accounts for suspicious activity.

In data breach situations, credit card companies generally offer affected customers fraud monitoring services at no cost — and customers aren’t on the hook for any fraudulent charges. The card issuers themselves are responsible for those costs.

Questions about industry standards: Several security researchers said the breach is a prime example of why the current Payment Card Industry Data Security Standard (PCI-DSS) is inadequate.

“Expect to see yet another round of almost religious fervor in the debate over the real value of PCI-DSS,” Geoff Webb, director of product marketing at data-protection company Credant Technologies, said in an email.

Cybercriminals “are constantly looking for opportunities to identify and attack sites where there is a weakness in security — just like a predator looks out for the weakest member of the herd,” he added.

Litan, the Gartner analyst, is skeptical about whether the credit card industry will invest the money and time required to switch to a more secure system, like “smart cards” embedded with chips, which are used in some foreign countries.

“It’s cheaper for them to deal with these breaches than to make all those chip cards,” Litan told CNNMoney. “We’ve had all of these breaches, but there have not been any significant attempts to change the situation. The information is easy to steal, and cards are easy to use, so it’s like free money for criminals.”

Article source: http://www.channel3000.com/money/30804090/detail.html

,

No Comments

Visa, MasterCard acknowledge data breach

Network World – Both Visa and MasterCard Friday are acknowledging a possible data breach of a payment-card processing company network that, once an investigation is completed, could show that sensitive data from cardholders was stolen and payment fraud committed due to the break-in.

While neither Visa nor MasterCard directly named the payment processor in question, The Wall Street Journal, based on an unnamed source, is now identifying Global Payments of Atlanta, alleging the breach may only impact about 50,000 cardholders. While substantial, that would be far less than the possible 10 million speculated about by security writer Brian Krebs, the first to break the news about the data breach based on what sources told him.

ARCHIVES: 2011’s biggest security snafus

Meanwhile, industry analysts also are tapping their own reliable sources. According to Gartner analyst Avivah Litan, an expert in online payments and security, sources in the industry are telling her the data breach started with a break-in by a Dominican national into an online card payments account for a taxi and parking garage in New York City, and may be traced back to a Central American gang.

Litan says that based on her knowledge at present, the data breach started with the criminal answering online authentication questions correctly to so-called knowledge-based systems. Knowledge-based systems require answers to personal questions, such as where did you get married or what is your favorite book. If you could get into the payments system this way, you could also get to a third-party processor, she says, adding she hasn’t heard the name Global Payments mentioned.

In her blog, Litan writes, “Looks like the hackers took over an administrative account that was not protected sufficiently.”

If this is what the ongoing investigation reveals the circumstances to be, it could mean that knowledge-based systems will not be approved in the way they might be now by Payment Card Industry (PCI) assessors, who oversee and approve computer-based systems used to store sensitive cardholder data.

In its statement about the ongoing investigation into the supposed data breach, Visa said it “is aware of a potential data compromise incident at a third-party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network, VisaNet. Visa has provided payment-card insurers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards.”

MasterCard earlier today issued a similar statement.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.

Read more about wide area network in Network World’s Wide Area Network section.

Article source: http://www.computerworld.com/s/article/9225706/Visa_MasterCard_acknowledge_data_breach

,

No Comments