Visa says no new breach

By By Marcia Savage, Features Editor, Information Security magazine 02 Mar 2009 | SearchFinancialSecurity.com

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

Visa Inc. said recent alerts it sent to credit card issuers are not related to a new breach, countering reports that a second payment processor had been compromised.

SearchFinancialSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

In a statement issued Friday, San Francisco-based Visa said the alerts "were part of an existing investigation and are not related to a new compromise event."

Credit unions last week reported receiving alerts from Visa and MasterCard about credit and debit card accounts that were exposed in the breach of a payment processor. They reported that the compromise was unrelated to the breach announced by Heartland Payment Systems in January. Information about newly affected accounts was relayed to banks and credit unions Feb. 9, via Visa's Compromised Account Management System (CAMS). The system, which informs banks of compromised account numbers, gives issuers the ability to monitor, close, or block the compromised accounts.

Payment processor breach: Credit unions confirm new processor credit card breach The Pennsylvania Credit Union Association and the Tuscaloosa, Ala. VA Federal Credit Union warn of a new payment processor data security breach.

Visa's statement did not say what existing investigation the alerts are related to and a company spokesman said he couldn't provide that detail.

"Visa has provided the affected accounts to financial institutions so they can take steps to protect consumers," the company said in its statement. "In addition, Visa is risk-scoring all transactions in real-time, helping card issuers better distinguish fraud transactions from legitimate ones."

Rich Mogull, an independent consultant and founder of security consultancy Securosis LLC said it's impossible to draw any conclusions based on the Visa statement.

"It doesn't say if the breach is public or not, so it may be older but not revealed yet," he wrote in an email. "In other words, it just adds to the confusion. I assume the full story will come out eventually, and since they don't identify the breach it's hard to really evaluate this at all."

Heartland disclosed Jan. 20 that its systems were compromised by a hacker in 2008. The breach forced hundreds of banks and credit unions to replace thousands of credit and debit cards.

Tags: Debit and credit card fraud prevention,  Data breaches and prevention strategies,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Debit and credit card fraud prevention Bank Trojan used against German accounts evades antifraud systems California man sentenced in online brokerage scam Identity Theft Assistance Center marks five years of helping victims Fighting fraud: Understanding technology and threats Defendants in banking fraud scheme accused of exploiting regulation Credit union launches online banking suite with strong authentication Winning the war: Personal information protection ATM malware used in Russia lets attackers control machines When security outweighs common sense Diebold ATMs in Russia targeted with malware Data breaches and prevention strategies Bank computer technician indicted in identity theft scheme Survey: Consumers don't trust banks to keep their data secure ChoicePoint settles with FTC over second data security breach Data breach lawsuit puts spotlight on bank's security measures Google ordered to deactivate Gmail account after bank email error Threat of insider fraud growing with bad economy Data breach protection: Implementing vendor breach safeguards Zeus Trojan hitting banking customers hard TJX settles with banks for $525,000 RBS WorldPay agrees to market VeriFone end-to-end encryption

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary card verification value  (SearchFinancialSecurity.com) PAN truncation  (SearchFinancialSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary