MasterCard International has revealed that a computer security breach at a payment processing company has exposed more than 40 million credit card accounts of all brands to the risk of fraud.
This breach occured at an Arizona company that processes transactions for Visa, MasterCard, American Express and Discover. MasterCard spokeswoman Jessica Antle, said, “We have spotted some fraud … but it’s proportionately very small.” She declined to disclose the amount involved.
She added that a computer hacked had infiltrated a database system run by CardSystems Solutions Inc, in Tucson, Ariz. It is estimated that this firm processes more than $15 billion in payments each year. Almost 20 million Visa and 13.9 million MasterCard accounts were at risk. The remaining accounts affected belonged to American Express or Discover cardholders. The F.B.I is now investigating, Deborah McCauley, a spokeswoman for the F.B.I. field office in Phoenix said that the agency was trying to piece together the scope of the fraud.
MasterCard said that it had found that CardSystems Solutions Inc had violated agreements by retaining the account numbers in its systems. The firm was to have transferred these numbers to the bank handling the merchants’ transactions. John Brady, MasterCard’s head of merchant risk services, said, “When we started to dig into it, working with the bank and working with their systems, we detected it couldn’t be them and basically triangulated at the process and arrived at CardSystems Solutions.” He added that CardSystems was “no longer storing the sensitive data.”
Visa, USA, said that it was aware of this breach but had not spoken about it at the request of the authorities. Discover and American Express had recently learned of the breach and were closely monitoring accounts.
Chris Hoofnagle, senior counsel for the Electronic Privacy Information Center, a digital rights group, commented, “The processing companies are hubs for millions of payment records. It is the juiciest target for an individual who wants account numbers. It is a honey pot for identity thieves.” He added that users should monitor their credit card bills more closely and should look to acquire new numbers. MasterCard added that since personal data like Social Security numbers and dates of birth, was not stored on its cards, it was not at risk for identity theft.
New York Democratic Sen. Charles Schumer, who has sponsored a consumer data protection law, has asked Congress to expedite the process and to pass legislation, “Hardly a week goes by without startling new examples of breaches of sensitive personal data reminding us how important it is to pass a comprehensive identity theft prevention bill in Congress quickly,” he said in a statement.