[ISN] 800 Visa cards blocked

From: InfoSec News (isnat_private)
Date: Wed May 07 2003 - 02:16:53 PDT

  • Next message: InfoSec News: "[ISN] Information Security Magazine Salary Survey"

    http://www.timesdispatch.com/business/MGB6S1MMEFD.html
    
    BY CAROL HAZARD
    TIMES-DISPATCH STAFF WRITER 
    May 07, 2003
     
    Stuck without a debit or credit card?
    
    Someone hacked into a merchant's computer system, compromising
    information on cards and leaving some bank and credit-union customers
    without use of cards with the Visa logo.
    
    Virginia Credit Union responded by blocking the use of 800 Visa cards,
    canceling the accounts and issuing new account numbers and cards. New
    cards should arrive in the mail this week.
     
    "The compromise occurred as a result of an intrusion into a merchant's
    data system and was not related to Virginia Credit Union or our card
    processor," the credit union wrote to members in a letter dated April
    30.
    
    "The intrusion does not, in and of it- self, mean that these cards
    will be involved in fraudulent activity, but it is possible. No
    fraudulent activity has occurred to date."
    
    Jean Holman, senior vice president at the credit union, said yesterday
    that some of the closed accounts were debit cards and others were
    credit cards, depending on which cards were used at the merchant.  
    Holman said she does not know who the merchant is.
    
    The credit union has 131,000 debit and credit cards, most carrying the
    Visa logo, so the percentage affected was relatively small. However,
    several financial institutions were apparently dealing with the same
    mishap.
    
    "It is important for U.S. cardholders to know they are fully protected
    by Visa's zero-liability policy, which means they pay nothing for an
    unauthorized purchase," Visa said in a statement regarding the
    infraction.
    
    "We are currently working with law enforcement and our member
    financial institutions in this matter to ensure the protection of our
    cardholders." Visa declined to say how many institutions or
    cardholders were affected.
    
    A similar incident occurred earlier this year. While this situation
    involves a merchant, the one in February had to do with a third-party
    processor. In that case, computer criminals gained access to details
    of 10.2 million Visa, MasterCard, American Express and Discover credit
    cards.
    
    Visa introduced new security measures to protect against card fraud
    and identity theft as a result of the February incident at Data
    Processor International. It also levied "substantial" fines against
    the company for the security breach but declined to say how much the
    fine was.
    
    John Hall, spokesman for the American Bankers Association, said he did
    not THEFTwant to minimize the consumer hassle in dealing with card
    fraud. However, consumers are not liable for card fraud, he said.
    
    People need to guard their account numbers, check their statements for
    unauthorized transactions and immediately report any unauthorized
    transactions to their financial institutions, Hall said.
    
    Losses from debit-card fraud totaled $157.1 million in 2001 (the most
    recent year available), compared with check fraud of $693 million in
    the same year, according to the American Bankers Association.
    
    Holman said the Virginia Credit Union, in addition to writing letters,
    called all 800 affected customers to inform them of the intrusion. She
    said people were grateful for the notice.
    
    Special arrangements were made for those who needed immediate use of
    their cards, she said.
    
    Contact Carol Hazard at (804) 775-8023 or chazardat_private
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed May 07 2003 - 04:44:48 PDT