February 27,2009
-
News: Yet, Another Payment Processor Breach?
Reports are coming out of another credit card data breach taking place at a, yet undisclosed, payment processor. This information is emanating from several credit unions around the country. They are reporting the breach of vital credit card data from a common payment processor who, at this point has not made it public. The numbers of affected credit card holders are not known, either.
Only two weeks ago, the VISA card association indicated that a different payment processor reported the credit card breach to them but, they are withholding the identity of who it was, pending ongoing forensics. It was indicated that this credit card breach is not as large as the recent one at Heartland's (100 million card transactions) but, the numbers were still significant.
The word from VISA is that the breach included all major credit card brands. As far as how much card data was stolen, we are told that, at least, it included the PAN (card number) and the card's expiration date.
Some of the fragmental evidence which has come to light so far are announcements by various credit unions across the East. Tuscaloosa Virginia Credit Union has reported to it's card holders that "malicious software was placed on the processor's system." The announcement, however, denies that credit card data was compromised by the hackers. Elsewhere, both the Alabama Credit Union and the Pennsylvania Credit Union Association have announced that, due to the breach, a new $99-per day limit policy would be in force for debit card purchases and ATM withdrawals that were VISA-based. Of course, they are advising that card holders closely monitor their statements for the next few months.
Since payment processors are not tied to credit card lenders but to merchants, it seems unlikely that the damage can be deemed to only affect certain credit unions. They would usually affect any card holder who made purchases at stores and other business that were contracted to that particular processor. Soon, we may know more.