Major Security Breach, Warns Mastercard

Published: Friday, June 24, 2005 Online-Casinos.com

MAJOR SECURITY BREACH, WARNS MASTERCARD

Check those credit card accounts carefully

Security Focus and many other media outlets reported the shocking news this week that data thieves had breached the systems of credit-card processor CardSystems Solutions and made off with extensive data on as many as 40 million accounts affecting various credit-card brands such as Discover and Visa.

The reports were confirmed by announcements from MasterCard International.

The credit-card giant's anti-fraud systems detected the breach and, after analysing the data, MasterCard pinpointed the Atlanta, Georgia-based third-party processor as responsible, the company said in a statement.

"Working with all parties, including issuing banks, acquiring banks, the processor and law enforcement, MasterCard immediately launched an investigation into the breach, and worked with CardSystems to remedy the security vulnerabilities in the processor's systems," the statement said. "These vulnerabilities allowed an unauthorised individual to infiltrate their network and access the cardholder data."

The breach is thought to be the largest data leak to date, potentially affecting one out of every seven credit cards issued in the U.S., according to MasterCard estimates.

The credit-card giant verified that information on at least 68,000 MasterCard accounts was taken from CardSystems' database by "running a script," said spokeswoman Jessica Antle.

MasterCard declined to release more information on the vulnerabilities for fear it would impact the ongoing investigation, she said.

According to CardSystems, the company first identified the "potential security incident" on May 22 and notified the FBI as well as Visa and MasterCard. The company hired a security company to check and took additional measures to harden the systems, the company said in a statement.

CardSystems processes more than $15 billion annually in credit-card transactions on behalf of more than 105,000 small to medium businesses, according to the company's site.

The breach potentially exposed 40 million cards of various brands. As many as 13.9 million MasterCard-branded credit cards may have been affected, the company stated. MasterCard notified its member banks of the specific card accounts affected.

Highly sensitive data, such as social security numbers or birth dates are not kept on the cards and are not at risk, the company said. MasterCard stressed that consumers have zero liability for unauthorised transactions and asked that consumers report suspicious transactions to the card's issuing bank.

MasterCard has given CardSystems a limited amount of time to meet the credit-card giant's standards for security, the company said in the statement. The vulnerabilities that led to the current breach have been fixed, MasterCard said.