This latest announcement is believed to have affected as many as 10 million credit card accounts. If consumers were rarely worried about the potential before, with this many affected, there’s sure to be major problems for the credit card giants. On Sunday, it was announced it’s no longer MasterCard and Visa that’s affected, but perhaps Discover and American Express, as well.
MasterCard, on Friday, released a presser,
As a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk.
It also says “MasterCard’s own systems have not been compromised in any manner”. Its presser goes on to reiterate its consumers and businesses are its top priority and that it will be assisting any law enforcement efforts to investigate this breach.
For its part, Visa is also saying it’s own networks had not been breached. As of Sunday night, both Visa and MasterCard maintain their statements made on Friday. Part of Visa’s presser reads:
It’s important for U.S. Visa consumer cardholders to know they are protected against fraudulent purchases with Visa’s zero liability fraud protection policy, which exceeds federal safeguards. As always, Visa encourages cardholders to regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity.
Every business that handles payment card information is expected to protect the security and privacy of their customers’ financial information by adhering to the highest data protection standards. Visa also supports advanced security layers such as encryption, tokenization and dynamic authentication through EMV chip technology to further protect sensitive account information and minimize the impact of data compromises.
Both Discover and American Express are reporting that while it could affect their card holders, they don’t believe it’s likely and certainly not to the degree that both Visa and MasterCard are potentially at risk for.
Further, law enforcement officials, all the way up to the U.S. Secret Service, have been notified and a number of these agencies have begun independent investigations. All banks that might have been affected are contacting any account holders that could be at risk of being breached.
Although the information wasn’t readily found by the media until well after the U.S. markets closed, Global Payments confirmed that its systems were the ones hacked. It says it believes the breach occurred in early March, 2012. Interestingly, its stocks fell earlier in the day by 9% and when that happened, stock trading halted.
Also, both Visa and MasterCard knew about the breach at least as early as last Monday as it began issuing “non public” alerts to banks. It reported then the breach occurred between January 21 and February 25 2012. There’s been no clarification on what their memos said and what Global Payments announced. The alerts went on to say it’s believed both Track 1 and Track 2 tiers of information was stolen, which is what’s needed to counterfeit new credit cards.
So far, according to many of the banks that have begun analyzing the information for “common denominators”, it looks as though many of the credit card consumers used their cards in parking garages in New York City. If any other similarities have been found, it’s not been announced. It’s also not been elaborated further on whether or not 10 or a one million of these credit cards were used in the garages. Many more banks and credit unions are reporting the activity was “geographically dispersed”.
Not only that, but it wasn’t Global Payments that reported it. News broke on Krebs on Security, a blog by former Washington Post reporter Brian Krebs. He also reports speaking to several analysts who are now concerned about “seeing signs of the breach mushroom”.
Losses from credit card and debit card fraud hovers around $2.4 billion a year; however, that number grows each year. Federal Reserve Statistics reveal the total loss to consumers, banks and businesses is around $52.6 billion every year.
For those interested, Global Payments will be holding a press conference on Monday morning at 8 a.m. Eastern. For those wishing to access the conference call either as it’s happening or to hear the archive of the call, you can visit the Global Payments Website or dial into 1-888-895-3550 and use pass code “GPN” (no quotes).