MasterCard warns of possible security breach, Visa also reportedly affected

MasterCard warns of possible security breach, Visa also reportedly affected

www.foxnews.com

DEVELOPING: MasterCard is investigating a possible breach of cardholder account data involving a U.S.-based payment processor, the company said Friday.

"As a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk," the Purchase, N.Y., credit-card company said in a statement.

Law enforcement officials have been notified of the matter and an "independent data security organization" is conducting an ongoing forensic review. The U.S. Secret The company is alerting card-issuing banks regarding "certain MasterCard accounts that are

(visit the link for the full news article)

First off, this is Massive, OVER 10 Million cards!
Secondly, some of the major banksters (Bank of America Corp. and J.P. Morgan Chase & Co.) aren't acknowledging that they have a breech!
I try to stay on top of this hacking problem. I've reported on ways to keep you safe and even recommended using a router with hardware fire wall, VPN, and GB connections. When I saw this emerging story I had to get it out to our fellow ATS'ers. Apparently, someone has gained access to credit card (maybe even Debit card) information in New York City Parking garages. The information that they gleaned was then used to hack into one or several of the billing companies that move the funds around for payment. Additionally, Track 1 and Track 2 were hacked to make forged cards. More here:
krebsonsecurity.com...

www.foxnews.com
(visit the link for the full news article)

So what's new?? This has been going on for years.

Lol so they spend like $500 million on this huge fortress to 'protect' their customers data (eg: protect Visa's source of income, customer money) and then this happens.

I'm laughing so hard right now

reply to post by Violater1


Visa has just released this information, "Update, 11:52 a.m. ET: VISA just issued the following statement in response to this story:
krebsonsecurity.com...-14393
“Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet.

Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards.

It’s important for U.S. Visa consumer cardholders to know they are protected against fraudulent purchases with Visa’s zero liability fraud protection policy, which exceeds federal safeguards. As always, Visa encourages cardholders to regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity. Additional consumer security tips are available at www.VisaSecuritySense.com.

Every business that handles payment card information is expected to protect the security and privacy of their customers’ financial information by adhering to the highest data protection standards. Visa also supports advanced security layers such as encryption, tokenization and dynamic authentication through EMV chip technology to further protect sensitive account information and minimize the impact of data compromises.”

What is an EMV chip? It is the next step in a global economy scheme. From Wikipedia
en.wikipedia.org...
, "EMV stands for Europay, MasterCard and VISA, a global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions.

It is a joint effort between Europay, MasterCard and Visa to ensure security and global interoperability so that Visa and MasterCard cards can continue to be accepted everywhere."

Originally posted by CaLyps0
So what's new?? This has been going on for years.

How has this "been going on for years"? That makes no sense. Security breaches happen all the time. I think this is one of the few times it's happened at the top level.

Don't run and gun on threads like this.

Originally posted by CaLyps0
So what's new?? This has been going on for years.

If you meant theft, yes it has. Ever since Thag wanted Uhgg's club, beat him in the head with a rock, and stole it.
Indeed, it's been around a long time.
Thank you for your contribution.

As unfortunate is this compromise is, it's kind of refreshing to see the holier-than-though payment processors and credit card brands get in trouble for a change, rather than the retailers for whom they make it nearly impossible to stay within PCI compliance. Until the big boys like VISA and MC step up and take their rightful responsibility for the protection of cardholder data security, this will continue to happen. The technology is available, they just won't spend the money to transform the industry, and instead require retailers to spend millions on protecting an inherently non secure solution (passing along the expenses to consumers in the form of higher prices)

Maybe, just maybe, PR like this will help create regulations aimed at the card brands.

Isn't this how you win?

Cut off communication
Control infrastructure
Ration resources

Originally posted by Zarniwoop
As unfortunate is this compromise is, it's kind of refreshing to see the holier-than-though payment processors and credit card brands get in trouble for a change, rather than the retailers for whom they make it nearly impossible to stay within PCI compliance. Until the big boys like VISA and MC step up and take their rightful responsibility for the protection of cardholder data security, this will continue to happen. The technology is available, they just won't spend the money to transform the industry, and instead require retailers to spend millions on protecting an inherently non secure solution (passing along the expenses to consumers in the form of higher prices)

Maybe, just maybe, PR like this will help create regulations aimed at the card brands.

I agree old man.
What I fear is that this will push forward the magnetic skin tattoo, chip in hand agenda.
What nefarious paradigm do they call it?
Cause, problem, solution.

reply to post by Violater1

I agree old man.

"old man" !?!?!?! ...that's not really me in my avatar, ya know

What I fear is that this will push forward the magnetic skin tattoo, chip in hand agenda.

Apple already has this covered. Their nearly finished rolling out this technology to the masses making everyone believe they need it. It's called... the iPhone.

Another update from
krebsonsecurity.com...-14393
Update, 12:15 p.m. ET: The Wall Street Journal is reporting that the breached processor was Global Payments Inc., which processes credit and debit cards for banks and merchants. Prior to the publication of this blog post, I had heard this name from one source, but did not include it in my story because I could not get confirmation from a second source.

Also am hearing that law enforcement investigators believe that this breach may be somehow connected to Dominican street gangs in and around New York City. This comes from two reliable sources.

Additionally, sources are reporting that the bulk of the fraudulent activity appears to be centering around commercial credit and debit cards (those issued to businesses). More updates as this story develops.

I would just like to add that even though reports are centering around the NYC area doesn't mean you are unaffected if you live somewhere else or didn't visit NYC in the recent past. The breach was at the payment processor level and reports are that fraudulent activity is geographically dispersed.

Use this event as a reminder to check your statements every month and log in to your online CC portal at least once per week to stay on top of your transactions. The quicker you notice something, the quicker it can be resolved and the better the chance that the wrongdoer may be caught.

This problem is getting out of hand.
Here is this commentary from:
blogs.gartner.com...
"Visa and MasterCard have already issued warnings on this. I’ve spoken with folks in the card business who are seeing signs of this breach mushroom. Looks like the hackers have started using the stolen card data more recently. From what I hear, the breach involves a taxi and parking garage company in the New York City area so if you’ve paid a NYC cab in the last few months with your credit or debit card – be sure to check your card statements for possible fraud.

One interesting twist again sheds light on the fact that knowledge based authentication should not be relied upon. I heard (and this may not be factual) that the crime was perpetrated by a Central American gang that broke into the company’s system by answering the application’s knowledge based authentication questions correctly. Looks like the hackers took over an administrative account that was not protected sufficiently. "

A breech by South American Drug Lords
That's a hard one to swallow.
But with all the money they get, maybe they're hitting Uncle Sam where it's going to hurt. But it's actually hurting USA citizens, so far. This hack may stretch it's tentacles to Europe and farther.
Only time will tell.

Originally posted by Violater1
A breech by South American Drug Lords

I know I probably should not say this, but I just have to...

I wonder how many times these breaches, and hacks are done by
"inside" "operatives". Everything else has been infiltrated, and for sure
we know hackers are infiltrated.

If one looks to the move towards smart cards, and evetually a cashless society, then
its not outlandish to think they might just speed things up when the technology is finally
ready.

This is getting even more worse than expected. According to Hyphenet
www.hyphenet.com...
"Global Payments Inc. is said to have suffered a security breach sometime between January 21st, 2012 and February 25th, 2012, resulting in the credit/debit card information of ~50,000 cardholders being stolen."
Master Card/VISA, Chase, and other banksters have know about this for months!!!

Originally posted by Violater1
This is getting even more worse than expected. According to Hyphenet
www.hyphenet.com...
"Global Payments Inc. is said to have suffered a security breach sometime between January 21st, 2012 and February 25th, 2012, resulting in the credit/debit card information of ~50,000 cardholders being stolen."
Master Card/VISA, Chase, and other banksters have know about this for months!!!

edit on 30-3-2012 by Violater1 because: (no reason given)

That doesn't sound right. One report I read said that one credit union was reporting that more than 50K of its members' accounts were compromised (and about 875 had fraudulent charges). You would think that if one credit union had that many, a large bank issuing a Visa or MC would have many, many times that amount.

I had a girlfriend of mine two days ago, telling me she got two retarded charges from TX, to chilis and outback lol. She lives in the tristate, never been even close to TX. wonder if there is a correlation?

reply to post by TKDRL


Last week my sister had 12 charges on her debit card from several post offiices in Washington DC...we are in New england.

All 12 were for $17.95. Not sure if she has MC or Visa.

Originally posted by TKDRL
I had a girlfriend of mine two days ago, telling me she got two retarded charges from TX, to chilis and outback lol. She lives in the tristate, never been even close to TX. wonder if there is a correlation?

The fraud is getting worse.
krebsonsecurity.com...-14393
"Update, 4:34 p.m. ET: Atlanta based processor Global Payments just confirmed the breach via press release. It promised to release more details in a conference call with investors on Monday morning. Their full statement is below:

“Global Payments Inc. (NYSE: GPN), a leader in payment processing services, announced it identified and self-reported unauthorized access into a portion of its processing system. In early March 2012, the company determined card data may have been accessed. It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. The company is continuing its investigation into this matter"