Visa and MasterCard announced an investigation into whether a data security breach at one of the main companies that processes transactions for them exposed private customer information. The breach occurred at Global Payments, a company based in Atlanta that helps Visa and MasterCard process transactions for merchants. The data breach could potentially affect one million to three million credit card holders.
Global Payments has provided little information on where the breaches took place, how accounts were hacked and other details that could indicate which customers might have had their account information exposed. The breach occurred sometime from late January to late February, and included Track 1 and Track 2 data, which includes details like names, card numbers, validation codes and customer addresses. When the victims have been identified, the companies will notify them and replace their credit cards, if necessary. This is the second breach at Global Payments in the last 12 months.
This latest incident underscores concerns about the vulnerability of electronic financial data. Even though financial services companies have improved security over the last year, security consultants say that the sophistication of the attacks is increasing. Tim Matthews, a director at security firm Symantec, said, “Thieves are after high concentrations of credit card numbers, which makes payment processors the perfect target.”
Criminals are now targeting a specific part of the credit card system – the payment processors that act as a bridge between banks and retailers – as the weak link in the security of these companies. The goal for hackers is to break the data’s encryption as it travels through the payment processor system, exposing the account information. Tom Kellerman, vice president at computer security company Trend Micro, said, “Hackers are well aware that these systems don’t have the same sophisticated levels of security as the banks. The payment processors have become their Achilles’ heel.”
