Slashdot Mirror

← Back to Stories (view on slashdot.org)

VISA, MasterCard Warn of 'Massive' Breach At Credit Card Processor

Posted by Soulskill on from the your-security:-priceless dept.

concealment writes with news that VISA and MasterCard have been warning banks of an incident at a U.S. card processor that may have compromised as many as 10 million credit card numbers. From the article: "Neither VISA nor MasterCard have said which U.S.-based processor was the source of the breach. But affected banks are now starting to analyze transaction data on the compromised cards, in hopes of finding a common point of purchase. Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area." According to the Wall Street Journal, the breached company is Global Payments Inc.

8 of 164 comments (clear)

  1. Really, no fucking article? by Anonymous Coward · · Score: 5, Informative

    And slashdot gets increasingly pathetic. Well, if anyone cares to RTFA:
    http://online.wsj.com/article/SB10001424052702303816504577313411294908868.html

    Not a whole lot of info from any source, Krebs seems to be the best though:
    http://krebsonsecurity.com/2012/03/mastercard-visa-warn-of-processor-breach/#more-14393

  2. Re:No Source? by Anonymous Coward · · Score: 5, Informative

    Krebs is all over it:

    http://krebsonsecurity.com/2012/03/mastercard-visa-warn-of-processor-breach/

  3. Re:No Source? by EliSowash · · Score: 5, Informative

    No, it's real. I saw it on Krebs earlier. http://krebsonsecurity.com/2012/03/mastercard-visa-warn-of-processor-breach/

  4. Thankfully! by fuzzyfuzzyfungus · · Score: 5, Funny

    Luckily, nobody would be stupid enough to build a money transfer system where the user ID and the authentication secret are identical, so this breach should be no big deal.

    Oh wait.

    Fuck.

    1. Re:Thankfully! by Anonymous Coward · · Score: 5, Informative

      What do you expect when the parties that can best improve security (banks, VISA, Mastercard) have made sure that merchants (who can do very little about security) carry most of the liability from security failures?

      Banks, VISA, and Mastercard make tons of money from transaction fees, so they want to make transactions as easy as possible. They don't have to pay much for security breaches, so they are willing to sacrifice security for more transactions and more fees.

      If a buyer goes into a store with a stolen card, there is practically nothing a merchant can do to detect the fraud and stop the buyer from walking out the door with merchandise. Who pays for the fraud? The merchant.

      Until banks are on the hook for this fraud, nothing will change.

  5. Re:No Source? by ohnocitizen · · Score: 5, Insightful

    This actually impacted me. I live in NY, and was contacted my my credit card company. They informed me I was getting a new card, that visa and mastercard said there was a breach - but were not required to report who had compromised my credit card number. "At least they tell us there is a breach". This right here is why "the market" is insufficient protection for consumer rights. We need a law requiring credit card companies to disclose businesses that compromise data.

  6. Re:No Source? by berashith · · Score: 5, Insightful

    100% agree. I just went through this a few weeks ago. VISA told my card issuer that there had been a breach. They actually sent me a new card, but didnt tell me until fraudulent use occured. This was before my new card arrived, which actually shortened the amount of time that I had no credit card. I wanted to know who had the breach, so I could avoid ever giving them business that wasnt cash based, but they would not tell me. That part pisses me off. There needs to be an awareness as to which vendors dont find it worth their time to protect me , so I can make a decision to not use them.

  7. Re:No Source? by wickerprints · · Score: 5, Insightful

    Because all borrowers end up indirectly paying for the cost of fraud. As is the case with many forms of financial risk, a lender typically insures against identity theft and credit card fraud. The cost of that insurance is factored into their interest rate and fee calculations and is passed on to the borrower.

    Granted, insurance doesn't completely absolve the insured of all responsibility, in as much as a driver with car insurance would not think to be totally careless about driving. Lending institutions still have an interest in preventing fraud despite being insured. The point is that when fraud increases, or if there's a catastrophic breach (as in this case, opposed to isolated small-scale instances of ID theft), the associated financial costs eventually reach the borrowers.