Visa Inc. said recent alerts it sent to credit card issuers are not related to a new breach, countering reports that a second payment processor had been compromised.
In a statement issued Friday, San Francisco-based Visa said the alerts "were part of an existing investigation and are not related to a new compromise event."
Credit unions last week reported receiving alerts from Visa and MasterCard about credit and debit card accounts that were exposed in the breach of a payment processor. They reported that the compromise was unrelated to the breach announced by Heartland Payment Systems in January. Information about newly affected accounts was relayed to banks and credit unions Feb. 9, via Visa's Compromised Account Management System (CAMS). The system, which informs banks of compromised account numbers, gives issuers the ability to monitor, close, or block the compromised accounts.
Visa's statement did not say what existing investigation the alerts are related to and a company spokesman said he couldn't provide that detail.
"Visa has provided the affected accounts to financial institutions so they can take steps to protect consumers," the company said in its statement. "In addition, Visa is risk-scoring all transactions in real-time, helping card issuers better distinguish fraud transactions from legitimate ones."
Rich Mogull, an independent consultant and founder of security consultancy Securosis LLC said it's impossible to draw any conclusions based on the Visa statement.
"It doesn't say if the breach is public or not, so it may be older but not revealed yet," he wrote in an email. "In other words, it just adds to the confusion. I assume the full story will come out eventually, and since they don't identify the breach it's hard to really evaluate this at all."
Heartland disclosed Jan. 20 that its systems were compromised by a hacker in 2008. The breach forced hundreds of banks and credit unions to replace thousands of credit and debit cards.