Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

02:22 PM
Reuters
Reuters
News
Connect Directly
RSS
E-Mail
50%
50%

MasterCard, Visa Warn of Possible Security Breach

MasterCard Inc and Visa Inc have notified U.S. banks of a potential security breach, the latest in a string of incidents that have put the personal information of millions of credit card holders at risk.

MasterCard Inc and Visa Inc have notified U.S. banks of a potential security breach, the latest in a string of incidents that have put the personal information of millions of credit card holders at risk.

The companies, which are the two largest global credit card processors, said the issue stemmed from a third-party vendor and not their own internal systems.

Following news of the breach, the shares of Atlanta-based Global Payments Inc were halted after dropping more than 9.1 percent. A representative did not immediately return a request for comment.

Several other processing companies, including Heartland Payment Systems Inc, VeriFone Systems Inc and First Data denied responsibility for the potential breach. Card Systems Inc and WorldPay did not immediately respond to inquiries about the matter.

MasterCard said it notified law enforcement officials and has hired an independent data-security organization to review the possible breach.

A U.S. Secret Service spokesman said the agency was investigating, but declined to give any specifics about the breach.

"MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information," the company said in a statement. "If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution."

Visa emphasized that customers are not responsible for fraudulent purchases.

The companies' statements came after the blog Krebs on Security reported that MasterCard and Visa Inc have been alerting banks across the U.S. about a "massive" breach that may affect more than 10 million cardholders.

Thousands of U.S. banks that issue credit and debit cards receive daily alerts regarding breaches through a system referred to as CAMS, said Thomas McCrohan, an analyst with Janney Capital Markets.

Once a person swipes a card to pay, the transaction then is sent through a chain of processing. The breach likely occurred at a central aggregation point where card information is calculated, said Avivah Litan, security analyst at Gartner Research.

"Those transactions are aggregated" and sent to a server, Litan said. "It has a lot of hops along the way" before the card information reaches a processor.

The Visa-Mastercard breach is the first major instance this year of consumer information put at risk by technological flaws or hacking.

Last June, Citigroup Inc said computer hackers breached the bank's network and accessed data of about 200,000 card holders in North America. Sony also reported several recent attacks, including one last year in which hackers accessed the personal information on 77 million PlayStation Network and Qriocity accounts.

Google Inc also suffered a major attack on its Gmail accounts in 2011 that it said appeared to originate in China. (Reporting by Lauren Tara LaCapra and Joseph Menn; editing by Gerald E. McCormick and Andre Grenon)

Register for Bank Systems & Technology Newsletters
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.