Security Breach Exposes 40M Credit Cards
The Good Reverend writes "MasterCard International announced today that a security breach at CardSystems Solutions, a third party processor of payment card data, potentially exposed more than 40 million cards. MasterCard is aware of the specific card numbers affected, and is giving its member financial institutions the numbers that may have been compromised. Unlike many of the past high-profile cases, this one involves a hacker rather than lost packages. CNN Money, the New York Times, Reuters, MSNBC, ZDNet, C|Net, and the Washington Post are also covering the story."
will always exploit the weakest link in the chain. MasterCard itself might have the best security but what about all the systems downstream? Wonder how many more of these transaction processors have been compromised and don't even know it yet.
BP http://www.card-central.com
But that leaves a little under 3/4 who aren't MasterCard branded. If it was a typical third-party payments system then it is likely that they handled other types of credit cards, just that those companies haven't commented yet.
So when is the other shoe going to fall?
Nihil Illegitemi Carborvndvm
Banks and financial institutions need to start using public-key encryption to authenticate a user rather than a card number and expiry date. Many Visa/Master cards already come as smart cards these days and it should be easy to upgrade them to operate as a JavaCard for example. Couple this with a USB card reader issued by the bank. A website can then ask for a signed payment (to be signed in a chip inside the card) valid for a short time period and only usable once in the transaction only. You verify it by looking at the reader, or a display on the card itself and reading the name of the store you're making the payment for, and press a button on the card or on the reader to grant/deny it. In this way, no external software outside the card is involved with granting money which can be tampered with. The signature takes place in the card. No credit card numbers stored. Payment made. Everyone's happy.
Banu
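The signed-payment flow proposed in the comment above, as an added example that is not part of the original thread or any card network's actual protocol: the merchant issues a short-lived, single-use request, the card signs it only after the holder approves the displayed store name, and the bank checks signature, expiry and reuse. Ed25519, the field names, and the software-held key and in-memory nonce store are assumptions made for illustration; in the proposal the private key lives inside the card's chip.

```javascript
const nodeCrypto = require('crypto');

// Card side. Assumption: simulated in software; the proposal keeps this key in the chip.
const card = nodeCrypto.generateKeyPairSync('ed25519');

// Merchant builds the request: payee name, amount, one-time nonce, short expiry.
function makeRequest(merchant, amountCents, now, ttlMs = 60000) {
  return {
    merchant,
    amountCents,
    nonce: nodeCrypto.randomBytes(16).toString('hex'),
    expires: now + ttlMs,
  };
}

// Fixed field order so signer and verifier hash identical bytes.
function encode(req) {
  return Buffer.from(JSON.stringify([req.merchant, req.amountCents, req.nonce, req.expires]));
}

// Card signs only if the holder pressed "grant" after reading the store name.
function cardSign(req, holderApproved) {
  if (!holderApproved) return null;
  return nodeCrypto.sign(null, encode(req), card.privateKey);
}

// Bank side: the signature covers merchant, amount, nonce and expiry,
// so changing any of them, or presenting the same request twice, is rejected.
const usedNonces = new Set();
function bankVerify(req, sig, cardPublicKey, now) {
  if (!sig || !nodeCrypto.verify(null, encode(req), cardPublicKey, sig)) return 'bad-signature';
  if (now > req.expires) return 'expired';
  if (usedNonces.has(req.nonce)) return 'replayed';
  usedNonces.add(req.nonce);
  return 'ok';
}
```

A database that stores only such spent authorizations holds nothing an intruder can reuse, which is the contrast with stored card numbers and expiry dates that the comment draws.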
the processor must pay for a replacement card for every single victim
And one more: Processors should have mandatory insurance against this event. Then the insurance company would check their security with a keen eye....
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
To end this kind of thing is to make the companies handling records financially responsible for any problems. Triple the amount in damages to each misused account. They won't do anything until it affects the P&L severely. It's the only thing big corporations understand.
Professional Politicians are not the solution, they ARE the problem.
Even on Slashdot hackers get a bad name. Hackers are people who love to play with technology, not cause carnage and destruction. This guy is a "criminal".
Now imagine a headline in 10 years: "120 Million biometric data stolen". It seems that the technical challenges to keep data secure have sunk in already. This credit card data breach could support these concerns.