[ISN] Banks, Credit Card Firms Wait For The Other Shoe To Drop Amid Reports Of Another Payment Processor Breach

From: InfoSec News <alerts_at_private>
Date: Tue, 24 Feb 2009 04:48:26 -0600 (CST)

By Kelly Jackson Higgins
Feb 23, 2009 

Brace yourself for another payment-processor breach: A second U.S.-based 
payment acquirer/processor has been hit with a network hack that exposed 
consumers' credit card accounts.

As of this posting, the victim firm's identity had not been revealed. 
According to several credit unions, Visa recently alerted them that 
another payment processor had discovered a data breach. Among the credit 
unions issuing alerts about the breach on their Websites are The 
Tuscaloosa VA Federal Credit Union and the Pennsylvania Credit Union 
Association. The Open Security Foundation has a notice posted on its 
DataLossDB site.

The latest breach follows that of Heartland Payment Systems, which went 
public on Jan. 20 about discovering malware on its processing system; 
some security experts have called it the largest security breach ever. 
Heartland processes 100 million payment card transactions per month for 
175,000 merchants.

While details on the latest hack are still emerging, there is one known 
difference between it and Heartland's: This latest breach exposed 
so-called card-not-present transactions -- online and call-based 
transactions -- and not magnetic-stripe track data. Primary account 
numbers and expiration dates were stolen from the firm's settlement 
system, according to the Tuscaloosa VA Federal Credit Union.


Best Selling Security Books and More!
Received on Tue Feb 24 2009 - 02:48:26 PST

This archive was generated by hypermail 2.2.0 : Tue Feb 24 2009 - 02:50:26 PST