|
Visa Confirms Another Payment Processor Breach |
|
|
|
Another payment processor has fallen victim to hackers, according to SC Magazine,a tyrade publication for IT security professionals. The magazine reported that the breach was confirmed by Visa in a conference call Feb.23, but the identity of the processor was not revealed.
Visa and MasterCard repotedly are notifying banks about accounts impacted by a "major compromise," unrelated to the massive Heartland Payment Systems incident announced last month, according to a number of credit unions and banking associations, the magazine said.
The hackers apparently breached the processor in the same way they infiltrated Heartland -- by placing malicious software on the network, according to an alert from the Pennsylvania Credit Union Association.
Visa reportedly hosted a conference call on Feb. 12 to notify member banks about the breach, which affected transactions made from February to August 2008. The incident involves account numbers and expiration dates, but no track data was compromised.
The victim in this case appears to be a provider that processes online transactions, said David Shettler, vice president and CTO of Open Security Foundation, a nonprofit that researches data breaches.
Visa and MasterCard began notifying card issuers about affected accounts on Feb. 9 and 13, respectively. It is unclear whether this processor was compliant with payment industry guidelines, the association said. Heartland was deemed Payment Card Industry Data Security Standard-certified (PCI DSS) when it announced its breach.
This marks the third data-loss incident to impact payment processors in the past three months. In December, RBS WorldPay disclosed a breach that affected some 1.5 million card users. Shettler said cybercriminals are zoning in on these entities because they deal with the most amount of information.
Visa said it was working with business and financial institutions to improve security measures.
|
