Intruder Breaches Credit Card Security
An “unauthorized intruder” gained access to as many as 8 million credit card account numbers -- including Visa, MasterCard and American Express -- by breaching the security of a company that processes transactions for merchants, the card companies said Tuesday.
Visa International, which is based in Foster City, Calif., said that there had been no sign of fraudulent activity involving the accounts and that the card association was monitoring the situation.
Christine Elliott, a spokeswoman for New York-based American Express Co., said that security procedures were in place to determine whether card numbers were being misused but that “we’re not aware of any unusual activity with the affected cards.”
MasterCard Inc., which is based in Purchase, N.Y., said it was notified of the breach early this month and that “approximately 8 million account numbers, of which 2.2 million were MasterCard cards, were possibly compromised.”
An estimated 3.4 million Visa cards were involved, Visa U.S.A. spokesman John Abrams said. American Express declined to give a total. It was not immediately clear how many other card issuers were affected.
None of the card companies would identify the third-party processor or say exactly when or how the unauthorized intrusion occurred. As a result, it could not be determined if the incident involved an outside hacker, unauthorized access by an employee or physical theft of a database.
Processors handle transactions for merchants, bundling and transmitting charges to the banks that issue the cards.
Visa said it “has been informed by a third-party payment processor about an unauthorized intrusion.” It said that after learning of the incident, the company’s fraud team “immediately notified all affected card-issuing financial institutions and is working with the third-party payment card processor to protect against the threat of a future intrusion.”
MasterCard said that investigations were underway.
“We have notified our member financial institutions of the accounts involved, so that they may monitor each account for fraud and/or reissue cards as appropriate,” the association said.
