VISA, MasterCard Warn of 'Massive' Breach At Credit Card Processor 164
concealment writes with news that VISA and MasterCard have been warning banks of an incident at a U.S. card processor that may have compromised as many as 10 million credit card numbers. From the article:
"Neither VISA nor MasterCard have said which U.S.-based processor was the source of the breach. But affected banks are now starting to analyze transaction data on the compromised cards, in hopes of finding a common point of purchase. Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area."
According to the Wall Street Journal, the breached company is Global Payments Inc.
Re:No Source? (Score:5, Interesting)
It seems like all of the links pertaining to this story point back to the Krebs blog as the source for the information. Yet, Krebs provides no 3rd party verification to the story other than a 'source'
Shit like this is how rumors get started. Can anyone verify with a statement from Visa/MC, a bank, etc? I'm not saying it isn't true, but even the WSJ article is referencing the Krebs blog.
Re:No Source? (Score:5, Interesting)
...I wanted to know who had the breach, so I could avoid ever giving them business that wasnt cash based, but they would not tell me. That part pisses me off. There needs to be an awareness as to which vendors dont find it worth their time to protect me , so I can make a decision to not use them.
I don't know if you can believe the story, but if the breach occured with a credit card processor and not the retailer. The Credit card processor is the retailer's vendor (e.g., the company that the retailer contracts with to process credit card batches). This vendor relationship is not unlike the company that the retailer buys paperclips from, or the company that processes their payroll. Credit card processing is a highly competitive industry. Some retailers will often switch processors every few years when competing companies offer promotions with lower merchant fees (the fees/percentage that they charge the retailer for processing a credit card transaction).
Even if you had been told what retailer the fraudulent charges were made at, since there are so many credit card processing companies, it's quite likely that the retailer didn't use the same processing company. Additionally, because of credit card merchant contracts, retailers are supposed to follow certain "merchant" rules (e..g, no minimum*** or maximum purchase amounts, no steering to different forms of payment, not allowed to require ID, etc, etc). So even if the retailer wanted to be more careful when trying to accept this apparently frauduant card transaction, they probably aren't allowed by contract to be as paranoid as you apparently want them to be...
So feel free to throw the baby out with the bath water, but it's might be just as likely that the retailer you want to disown actually helped the credit card company identify the fraudulent transaction before it appeared on your credit card statement. If that were the case, perhaps you should be thinking about thanking them, before you disown them?
*** As of part of the Dodd-Frank wall street reform act of 2010, retailers are now allowed by law to imposed a minimum transaction amount up to $10 (this law supercedes the language in the contracts in place with the credit card companies)