Security Breach Exposes Data On Millions Of Payment Cards - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Security Breach Exposes Data On Millions Of Payment Cards

As many as 40 million cards may have been exposed, making it the largest breach of personal financial data in a string of recent cases.

MasterCard International said Friday it's notifying banks of a breach of payment-card data, which could expose more than 40 million cards of various brands to fraud.

About 13.9 million of the affected cards carry the MasterCard brand. Other major cards that could potentially be affected include American Express, Discover, and Visa.

The breach occurred at CardSystems Solutions Inc., a third-party processor of payment-card data, according to MasterCard. CardSystems officials weren't immediately available for comment.

An unauthorized person accessed the network and got card data. MasterCard said it spotted the problem using fraud-monitoring software. MasterCard says it worked with CardSystems to fix the vulnerabilities in the processor's systems.

MasterCard is giving CardSystems a "limited amount of time" to demonstrate compliance with MasterCard's security requirements, according to a statement.

The incident is the latest in a string of incidents in which cardholder data has been lost or stolen. Most banks have systems in place for detecting fraud at the individual cardholder level; such systems employ pattern-recognition technology to score transactions based on risk, weighing factors such as whether a transaction is being performed in person or on the Web, or whether it's for an unusually high amount. Visa this week introduced an advanced authorization system that alerts banks to potential fraud by organized crime rings using stolen or fake card numbers.

Banks face risks to their reputations, as well as high costs associated with notifying customers resulting from data-security lapses. "Financial institutions need to have contingency plans in place for these situations, whether it's tapes falling off a truck or hackers penetrating a network," says Ariana-Michele Moore, senior analyst at Celent Communications.

Citigroup earlier this month notified 3.9 million customers about a loss of tapes containing sensitive data. Earlier this year, Bank of America alerted 1.2 million credit-card customers about a loss of tapes, and HSBC North America warned 180,000 customers that their General Motors-branded MasterCard account numbers may have been stolen while making transactions at Polo Ralph Lauren.

Major card companies have adopted policies for compliance with the Payment Card Industry Data Security Standard, which requires merchants and payment processors to safeguard account data and protect networks against attack.

MasterCard's Site Data Protection policy requires most third-party processors to build and maintain a secure network, protect cardholder data, maintain a vulnerability-management program, implement strong access controls, regularly monitor and test networks, track and monitor access to networks and cardholder data, regularly test security systems and processes, and maintain an information security policy.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll