Tuesday, February 24, 2009

New data breach hits another card processor

NEW YORK (2/24/09)--Another payment processor has been hit with a data breach that is affecting credit unions and banks. It is the third major breach of a card processor since December and comes on the heels of what may be the largest data breach in history, the Heartland Payment Systems breach.

Visa and MasterCard began notifying banks and credit unions Feb. 9 about credit and debit card accounts that were exposed in the most recent breach, involving a payment processor that they did not identify by name (SearchFinancialSecurity.com Feb. 23).

The Pennsylvania Credit Union Association and Tuscaloosa (Ala.) VA FCU posted messages on their websites that a breach investigation is under way. Visa informed banks and credit unions that a vulnerability left potentially thousands of credit and debit card numbers exposed between February 2008 and January 2009, according to an alert from Tuscaloosa VA FCU.

The report indicated the breach isn't as serious as the breach announced Jan. 20 by Heartland Payment Systems, but said that malicious software was placed on the processor's platform. There is no evidence so far that accounts were viewed or taken by the hackers, said the Tuscaloosa VA FCU.

Computerworld (Feb. 23) said the notifications from the card companies indicated that, as with the Heartland Payment Systems breach, no unencrypted personal identification numbers (PINs), card verification codes or customer Social Security numbers were exposed. The breach also didn't involve magnetic stripe data on the back of the cards.

Alabama CU, also of Tuscaloosa, said Thursday it had been notified Feb. 17 of a breach at an unknown card processor. "We have been notified by Visa that a lengthy list of Visa ATM/debit card numbers was included as part of a data breach at an unknown vendor's location," said the credit union.

The fraudulent transactions are primarily characterized as purchases of prepaid phone cards, prepaid gift cards, and money orders from Wal-Mart, and usually occur in $100 increments, said the credit union.

As a result, Alabama CU decided to limit purchases on its cards to $99 per day. Replacement cards have been ordered for every card that is blocked. Cardholders will still be able to conduct PIN-based ATM transactions, up to $500 per day or the limit permitted by the ATMs.

courtesy of cuna.org
