Visa and master card both have just confirmed that payment processor breach. They also warned all the member banks and confirmed that this may impact more than 10,000,000 credit cards. This breach is believed to have occurred between January 21 and February 25, 2012.
It is also confirmed that the hackers got “full Track 1 and Track 2 data” which means perpetrators got enough to counterfeit new cards.
Visa Said in a statment,
Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet.
Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards.
It’s important for U.S. Visa consumer cardholders to know they are protected against fraudulent purchases with Visa’s zero liability fraud protection policy, which exceeds federal safeguards. As always, Visa encourages cardholders to regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity. Additional consumer security tips are available at www.VisaSecuritySense.com.
Every business that handles payment card information is expected to protect the security and privacy of their customers’ financial information by adhering to the highest data protection standards. Visa also supports advanced security layers such as encryption, tokenization and dynamic authentication through EMV chip technology to further protect sensitive account information and minimize the impact of data compromises.
Master Card said in the statement:
MasterCard is currently investigating a potential account data compromise event of a U.S.-based entity and, as a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk. Law enforcement has been notified of this matter and the incident is currently the subject of an ongoing forensic review by an independent data security organization. . .
Info Source – ZDnet
