Related Stories

Top 5 Stories


Payment processor suffers data breach that exposes 50,000 credit card numbers

30 March 2012

Global Payments, an Atlanta-based credit and debit card processor for banks and merchants, has suffered a security breach that has exposed information on at least 50,000 cardholders, the Wall Street Journal reported.

The full extent of the breach has not be determined, but MasterCard and Visa alerted their card-issuing bank customers about the breach, the newspaper reported.

Both MasterCard and Visa stressed that their systems were not breached, but declined to comment on how many card had been compromised.

“MasterCard has alerted payment card issuers (the banks) regarding accounts that are potentially at risk. And as we’ve stated in the press, MasterCard’s own systems have not been compromised”, according to a MasterCard blog.

“There has been no breach of Visa systems, including its core processing network VisaNet.Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards”, Visa said in a statement.

Brian Krebs, who first broke the story although without the name of the breached processor, put the estimate as high as 10 million card numbers, based on discussions with financial sources.

Avivah Litan, an analyst with Gartner, said her sources were telling her that they are “seeing signs of this breach mushroom.”

Whatever the final number, this is not good news for Global Payments or the credit cards companies. Bloomberg reported that trading was halted Friday in New York on Global Payments' stock.

Commenting on the breach, Neil Roiter, research director at Corero Network Security, said that credit card information continues to be vulnerable despite the widespread adoption of Payment Card Industry Data Security Standard (PCI DSS) rules. PCI DSS is “highly prescriptive in nature, but simply complying does not ensure credit card security. Companies that rely on PCI DSS to solely dictate their security measures will continue to remain vulnerable to attack", he said.

Mike Potts, CEO of Lancope, commented that the breach “serves as yet another reminder that conventional security solutions are fallible. The perimeter based approach is not sufficient and fails to protect critical data and internal resources that bypass these point solutions.”

This article is featured in:
Data Loss  •  Industry News


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×