Hackers hit credit card processor as attacks rise
Groups target security flaws
Merchants and consumers could be big losers in the latest case of hackers cracking the complex systems used to process credit and debit card transactions.
Visa and Mastercard ac- knowledged Friday that they’ve been alerting banks about a major breach at Global Payments, an Atlanta-based payment card processing firm.
Global Payments said late Friday that it had discovered the breach in March and reported it to industry officials and the FBI. The company scheduled a press conference for today.
Gartner banking security analyst Avivah Litan says unverified reports point to a New York City street gang with Central Amer- ican ties taking control of “an administrative account that was not protected sufficiently.”
“I’ve spoken with folks in the card business who are seeing signs of this breach mushroom,” Litan says.
Security blogger Brian Krebs, who broke the story, says thieves cracked into Global Payments’s network between Jan. 21 and Feb. 25. He says they may have swiped more than 10 million credit and debit card transaction records.
Mastercard issued a statement advising card holders to contact the financial institution that issued their cards with any concerns. Visa emphasized that no Visa systems were breached.
Credit card processors have been breached before. Heartland Payment Systems lost 130 million payment card records generated by 250,000 merchants and restaurants in 2008 and 2009.
And it’s not just card processors that are being targeted. Last year hackers stole payment card information for more than 100 million customers of Sony’s Playstation Network.
And earlier this year, online shoe retailer Zappos disclosed that hackers took e-mail and shipping addresses, phone numbers and account passwords for some 24 million customers, data useful for identity theft.
“Any business that’s capturing payment data is a target,” says Mark Bower, analyst at Voltage Security.
Gangs are adept at quickly manufacturing fake debit cards to make large cash withdrawals from ATMS. In such cases the individual’s cash goes missing until a theft is reported and reimbursement carried out, which can take several days.
“You should always be watching your statements for unauthorized transactions; but right now people should be extra vigilant,” says Steve Coggeshall, chief technology officer at ID Analytics.