Visa, Mastercard warn of processor breach

Credit card firms MasterCard and VISA have alerted US banks about a recent major breach at a US-based credit card processor, a security researcher said.

 

In a blog post, Brian Krebs cited sources in the financial sector who described the breach as “massive,” and may involve more than 10 million card numbers.

 

"The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb. 25, 2012. The alerts also said that full Track 1 and Track 2 data was taken – meaning that the information could be used to counterfeit new cards," he said.

 

He also said VISA and MasterCard have begun warning banks about specific cards that may have been compromised in separate non-public alerts.

 

A separate article on The Wall Street Journal website identified the breached processor as Global Payments Inc., which processes credit and debit cards for banks and merchants.

 

Krebs said that while neither VISA nor MasterCard have said which US-based processor was the source of the breach, affected banks are now analyzing transaction data on the compromised cards.

 

"Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area," he said.

 

He noted PSCU, a provider of online financial services to credit unions, said it alerted 482 credit unions that appear to have had cards impacted by the breach.

 

PSCU added some 56,455 member VISA and MasterCard accounts were compromised, and fraudulent activity had been detected on 876 accounts.

 

Krebs cited a statement from Visa saying that while it is aware of a potential data compromise at a third-party entity, "there has been no breach of Visa systems, including its core processing network VisaNet."

 

On the other hand, Krebs cited information that law enforcement investigators believe this breach may be connected to Dominican street gangs in and around New York City.

 

"Additionally, sources are reporting that the bulk of the fraudulent activity appears to be centering around commercial credit and debit cards (those issued to businesses)," he said. — TJD, GMA News