VISA & MASTERCARD breach raises Security doubts on standard compliance

The Krebs on Security blog reported that there has been a security breach at Global Payments that “may involve more than 10 million compromised card numbers.”  We are facing with a massive breach that could impact more over 10 million compromised card numbers, for this reason VISA and MasterCard are alerting banks across US about the event and the related risks.

Brian Krebs is the first expert to publish news on the breach noting the that MasterCard and Visa have disclosed non-public alerts warning of a possible risks arising the data exposure.

Global Payments handled $120.6 billion in Visa and MasterCard card volume, up 11% from the prior year, according to Nilson. It competes against First Data Corp. and units of big banks including Bank of America, J.P. Morgan and Citigroup Inc. C +0.11% to process transactions.

Global Payments (GPN) discovered the breach in the beginning of March 2012, the card associations have dated the breach between Jan. 21, 2012 and Feb. 25, 2012. According the warning to the banks the Track 1 and Track 2 have exploited, this tracks are used to store information of the card, this means the a criminal could use the stolen information to clone the card.

The Wall Street Journal is one of the first newspaper to report that the breached processor was Global Payments Inc., which processes credit and debit cards for banks and merchants. Atlanta based processor Global Payments confirmed yesterday the breach via press release, following the info reported:

“Global Payments Inc. (NYSE: GPN), a leader in payment processing services, announced it identified and self-reported unauthorized access into a portion of its processing system.  In early March 2012, the company determined card data may have been accessed.  It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact.  The company is continuing its investigation into this matter.

“It is reassuring that our security processes detected an intrusion.  It is crucial to understand that this incident does not involve our merchants or their relationships with their customers,” said Chairman and CEO Paul R. Garcia.

It promised to release more details in a conference call with investors on Monday morning. Security Expert have immediately started the investigations on the transaction data on the compromised cards trying to discover common factors, sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area.

Global Payments Inc. (NYSE: GPN), a leader in payment processing services, announced it identified and self-reported unauthorized access into a portion of its processing system.  This is not the first time that a breach is observed in the payment world, last June Citibank breach exposed 360,000 accounts but only 3,400 accounts resulted in fraudulent losses that cost Citi, not consumers, $2.7 million.

Once again, a cyber threat shakes the banking world after significant data breach andthe damages caused by viruses such as Zeus.

The biggest breach was related the Heartland Payment Systems (NYSE: HPY) company announced in January 2009 with more over that 130 million credit and debit cards exposed. The breach cost Heartland at least $140 million in fraud redemption, fines, and legal fees.

Again, according to Krebs, “Global Payments will hold a conference call Monday, April 2, 2012 at 8:00 AM EDT. Callers may access the conference call via the investor relations page of the Company’s Web site atwww.globalpaymentsinc.com by clicking the ‘Webcast’ button; or callers in North America may dial 1-888-895-3550 and callers outside North America may dial 1-706-758-8809 . The pass code is ‘GPN.’”

Of course VISA and Mastercard are working hard to discover the real entity of the breach and in the same time they are alerting its customers on the possible fraud.

Visa has specified that the breach has not interested its internal systems neither its network, however it could have serious impact on the credit card payment word with serious impact on third parts companies. The Visa has provided payment card issuers with the affected account numbers to the involved companies so they can start procedures to protect consumers.

U.S. Visa consumer cardholders are protected against similar incidents and frauds with Visa’s zero liability fraud protection policy, which exceeds federal safeguards, anyway Visa suggests cardholders to regularly monitor their accounts alerting their issuing financial institution promptly on any suspected activity.

Visa also supports advanced security layers such as encryption, tokenization and dynamic authentication through EMV chip technology to further protect sensitive account information and minimize the impact of data compromises.”

What is really strange is that the Heartland company was compliant to the Payment Card Industry Data Security Standard (PCI DSS) at the time of its breach. The cause of its breach was a simple SQL injection attack raising doubts at how compliant Heartland had remained after its audit.

The cause of Global Payments’ breach hasn’t been confirmed but several hypotheses have been proposed, the most interesting of which says that the breach was caused by improper employee security that may have lead to malware inside internal networks.  We have learned from similar cases that is sufficient to open an infected attachment in an email to expose the entire infrastructure of a company.

Regarding the specific case we have to wait for the official communications of the GPN and further results of the specialist’s researches on the case.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – VISA, Mastercard)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

4 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

18 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

This website uses cookies.