According to Search Security, Visa and Master Card alerted banks on Friday of a potential data breach involving a third-party. Although the breach did not involve either companies’ systems, approximately 10 million card numbers have been affected. The Wall Street Journal identified the third-party processor on Friday as Atlanta-based Global Payments, Inc.
Visa provided payment card issuers with the account numbers affected so consumers can be protected through fraud monitoring and card re-issue. Master Card has notified law enforcement and says the incident is under investigation.
According to a blog post by Avivah Litan, vice president and distinguished analyst at Gartner, people in the card data business told her they’re seeing signs of a this breach mushroom. She stated “From what I hear, the breach involves a taxi and parking garage company in the New York City area, so if you’ve paid a NYC cab in the last few months with your credit or debit card — be sure to check your card statements for possible fraud.”
She also said “The breach illustrates that knowledge-based authenticationshould not be relied on…a layered authentication approach is always best.I heard (and this may not be factual) that the crime was perpetrated by a Central American gang that broke into the company’s system by answering the application’s knowledge-based authentication questions correctly. Looks like the hackers took over an administrative account that was not protected sufficiently,” she said.
With all that being said, ensure you check and double-check vendors, customers, and third-party processors as well as you can because, although the price of doing business is high, it should not have a devastating impact on you or your customers.
For more info, check out System Security.