Visa says no new breach

Visa statement counters reports that a second payment processor was compromised.

Visa Inc. said recent alerts it sent to credit card issuers are not related to a new breach, countering reports that a second payment processor had been compromised.

SearchFinancialSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

In a statement issued Friday, San Francisco-based Visa said the alerts "were part of an existing investigation and are not related to a new compromise event."

Credit unions last week reported receiving alerts from Visa and MasterCard about credit and debit card accounts that were exposed in the breach of a payment processor. They reported that the compromise was unrelated to the breach announced by Heartland Payment Systems in January. Information about newly affected accounts was relayed to banks and credit unions Feb. 9, via Visa's Compromised Account Management System (CAMS). The system, which informs banks of compromised account numbers, gives issuers the ability to monitor, close, or block the compromised accounts.

Payment processor breach:
Credit unions confirm new processor credit card breach The Pennsylvania Credit Union Association and the Tuscaloosa, Ala. VA Federal Credit Union warn of a new payment processor data security breach.

Visa's statement did not say what existing investigation the alerts are related to and a company spokesman said he couldn't provide that detail.

"Visa has provided the affected accounts to financial institutions so they can take steps to protect consumers," the company said in its statement. "In addition, Visa is risk-scoring all transactions in real-time, helping card issuers better distinguish fraud transactions from legitimate ones."

Rich Mogull, an independent consultant and founder of security consultancy Securosis LLC said it's impossible to draw any conclusions based on the Visa statement.

"It doesn't say if the breach is public or not, so it may be older but not revealed yet," he wrote in an email. "In other words, it just adds to the confusion. I assume the full story will come out eventually, and since they don't identify the breach it's hard to really evaluate this at all."

Heartland disclosed Jan. 20 that its systems were compromised by a hacker in 2008. The breach forced hundreds of banks and credit unions to replace thousands of credit and debit cards.

Dig deeper on Debit and credit card fraud prevention

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly

Close