MasterCard, Visa Payment Processor Says Violation Occurred In Early March; 50,000 Cards At Risk

Earlier today, we wrote about how MasterCard and Visa had begun notifying banks about a possible data breach at a third-party company that processes credit card payments. Now more information has come out regarding when the breach occurred and how many people may be affected.

The payment processor has been identified as Atlanta-based Global Payments, which tells Consumerist in a statement that it determined card data “may have been accessed” in early March.

The company says it “immediately engaged external experts in information technology forensics and contacted federal law enforcement,” and “notified appropriate industry parties to allow them to minimize potential cardholder impact.”

Meanwhile, it’s being reported that approximately 50,000 card accounts may have been put at risk by the breach, though no one is saying whether or not any fraudulent transactions were attempted on the affected accounts.

Both MasterCard and Visa have tried to calm customers by stating that their respective customer databases were not hacked.

Comments

Edit Your Comment

  1. gman863 says:

    Only 50,000?

    This is chump change compared to the millions of credit card numbers hacked from TJX (Marshalls, T.J. Maxx) a few years ago.

  2. bnceo says:

    Got told by my Bank (BoA) that my Visa Debit Card was used (by me) at a place that might have been compromised. Got this 2 weeks ago.

  3. CrazyMann says:

    This may explain why the Visa card I never use online suddenly started showing charges for online Chinese companies.

  4. Jenny8675309 says:

    Visa notified me about two weeks ago about my card. There was a fraudulent charge, thankfully only one, and they quickly reissued me a new cc number.

  5. John says:

    Now I am glad that I use my Amex everywhere!

  6. areaman says:

    “…no one is saying whether or not any fraudulent transactions were attempted on the affected accounts.”

    Sounds like the hacker(s) may just want ransom from Atlanta-based Global Payments instead of trying to buy a bunch of stuff and then selling it on ebay.

  7. dragonwerx says:

    I am so glad Global Payments is not my gateway/processor anymore! When I had a retail jewelry store, that’s who I used (fees were high, I found out too late). Closed the store in mid-2010, now use BBT.

    There’s an article in Wired News that it’s the merchants who will bear the brunt of this hack. If they don’t notify *every* customer in a “timely” manner (varies by state), the states levy a fine against them.

  8. HogwartsProfessor says:

    No notifications here…I haven’t seen anything weird on my bank account either. Hopefully I didn’t buy anything from somewhere that was hacked.

  9. usa_gatekeeper says:

    I checked online banking acc’t tonight, BofA Visa card had disappeared from the account. Called Cust Svc, auto-informed that account is closed; spoke with “Jose” (strong accent), learned card has been cancelled for security purposes and they’re sending a new one. “Letter to follow”, he said. At least, I think that’s what he said.

    • usa_gatekeeper says:

      Note to BofA Visa customers who use “Shop Safe” CC numbers … when BofA recently closed my Visa acc’t number because of a potential hack/breach/fraud (whatever they’re calling it) and the account disappeared from my online banking, my online Shop Safe information disappeared along with it.

      When the new card arrives, I’ll look to see if the Shop Safe info reappears online, but right now I’m guessing it’s history. So if you have Shop Safe, you might want to plan ahead for events like this.

      • usa_gatekeeper says:

        The account has reappeared on my BofA online banking web site showing the last 4 digits of the new CC number (assuming new cards are in the mail), and all my ShopSafe info reappeared as well. OK, no problem.

  10. Press1forDialTone says:

    The bottom line is:

    NO third party payment processors other than the ultimate
    issuer of the card in question.

    Mastercard, VISA, Discover, American Express, etc should ALL
    be forced by regulation to own and run the physical plant that
    processes their cards from card swipe to the point where the
    transaction is stored in a database. They should be held
    personally (since indeed the Supreme Court says that “corporations
    are people”) for the management of the entire transaction from the
    beginning to the point at which the statement is issued for payment
    (or the debit is done at the target bank) . The intense focus on the
    branded issuer (MasterCard, not necessarily the associated bank,
    like Chase) will force them to shed third party IT houses that don’t
    care about security and make them bring that inside the org and
    unify all policies and practices based on state of the art IT security
    standards. If a breach occurs they cannot hide. They have hiding
    behind sub-standard 3rd party IT for decades and decades. In the
    course of providing e-commerce capabilities for a university where I
    have worked in IT for 30 years, I was appalled at the lax standards
    I encountered from ALL of the branded cards.

  11. É®îç says:

    This could explain why most cards I’ve seen were used in Georgia, Florida, Louisiana, and Texas.