Reuters: Money: MasterCard, Visa warn of possible security breach

Reuters: Money Reuters.com is your source for breaking news, business, financial and investing news, including personal finance and stocks. Reuters is the leading global provider of news, financial information and technology solutions to the world's media, financial institutions, businesses and individuals. // via fulltextrssfeed.com

MasterCard, Visa warn of possible security breach Mar 30th 2012, 18:01 A MasterCard logo is seen on a door outside a restaurant in New York in this February 3, 2010 file photo. MasterCard Inc is investigating a potential security breach related to a third-party vendor and has alerted banks and law enforcement officials, the company said on March 30, 2012. The credit-card processor said the issue involves a company based in the U.S. and is also being reviewed by an independent data-security organization. Credit: Reuters/Shannon Stapleton/Files By Lauren Tara LaCapra Fri Mar 30, 2012 2:01pm EDT (Reuters) - MasterCard Inc and Visa Inc have notified U.S. banks of a potential security breach, the latest in a string of incidents that have put the personal information of millions of credit card holders at risk. The companies, which are the two largest global credit card processors, said the issue stemmed from a third-party vendor and not their own internal systems. Discover Financial Services said it is also monitoring accounts for suspicious activity and will reissue cards "as appropriate." Following news of the breach, shares of Atlanta-based Global Payments Inc, which acts as a credit-checking middleman between merchants and card processors, were halted after dropping more than 9.1 percent. A representative did not immediately return a request for comment. MasterCard said it notified law enforcement officials and has hired an independent data-security organization to review the possible breach. A U.S. Secret Service spokesman said the agency was investigating, but declined to give any specifics about the breach. "MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information," the company said in a statement. "If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution." Visa said it provided banks with affected customers' account numbers and emphasized that customers are not responsible for fraudulent purchases. The companies' statements came after the blog Krebs on Security reported that MasterCard and Visa have been alerting banks across the U.S. about a "massive" breach that may affect more than 10 million cardholders. The report said accounts were compromised between January 21, 2012 and February 25, 2012. JPMorgan Chase & Co said has been notified of the breach and is monitoring affected customers' accounts. Representatives of other big debit- and credit-card issuers, including Bank of America Corp and Citigroup Inc, as well as card processor American Express Co, either declined to comment on the matter or did not immediately respond to inquiries. Thousands of U.S. banks that issue credit and debit cards receive daily alerts regarding breaches through a system referred to as CAMS, said Thomas McCrohan, an analyst with Janney Capital Markets. PROCESSING PIPELINE Once a person swipes a card to pay, the transaction is sent through a chain of processing. The account number, expiration date and possibly the card holder's name is sent from the point of payment to a processor which then connects to Visa or MasterCard. Information is then sent to the card issuer â€" a bank â€" which ultimately authorizes the transaction. The actual transfer of money occurs later. The information that was likely collected illegally is called Track 1 and Track 2 data. A person improperly using the information can transfer the account number and expiration date to a magnetic stripe on a card and then try and use the card on a web site such as eBay Inc. Those transactions are aggregated and sent to a server, said Avivah Litan, security analyst at Gartner Research, but "it has a lot of hops along the way" before the card information reaches a processor. The illegal use of the data could be stymied if an online merchant asks for the three or four digits printed on a card known as the "CVV code." Processing companies, which perform millions of authorizations each day, are also supposed to encrypt card information. But a breach could occur if someone gains access to the system and identifies a gap in the encryption. "The systems can all be made tighter, but if they're too tight no transactions would ever be approved," said Edward Lawrence, a director at Auriemma Consulting Group, a payment systems consultant. "You still have to allow commerce to occur." The Visa-Mastercard breach is the first major instance this year of consumer information put at risk by technological flaws or hacking, but there are plenty of examples of massive data breaches in recent years, affecting banks, retailers, technology companies and payment processors. Last June, Citigroup said computer hackers breached the bank's network and accessed data of about 200,000 card holders in North America. Sony also reported several recent attacks, including one last year in which hackers accessed the personal information on 77 million PlayStation Network and Qriocity accounts. Google Inc suffered a major attack on its Gmail accounts in 2011 that it said appeared to originate in China, and companies including TJX Companies Inc and Heartland Payment Systems Inc have also had their systems compromised. "The fact that there has been another breach at a credit card processor shouldn't come as a great surprise," said Geoff Webb of data-protection company Credant Technologies. "Credit card thieves are constantly looking for opportunities to identify and attack sites where there is a weakness in security." (Reporting by Lauren Tara LaCapra, Carrick Mollenkamp and Jed Horowitz in New York, Joseph Menn in San Francisco, Ben Berkowitz in Boston, and Rick Rothacker in Charlotte, North Carolina; writing by Lauren Tara LaCapra; editing by Gerald E. McCormick and Andre Grenon) Link this Share this Digg this Email Reprints

You are receiving this email because you subscribed to this feed at blogtrottr.com. If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions