Credit card giant Visa confirmed to Raw Story on Friday morning that previously unacknowledged whispers of a major hack on a third party credit card processor were true. That hack, which resulted in a series of breaches earlier this year, is rumored to have exposed more than 10 million accounts to cyber criminals.
Banking industry insiders have been whispering about a series of major breaches at a credit card processing company used by both Visa and MasterCard, and several individuals leaked information earlier this week about the hack to a highly cited cyber security expert.
While neither company is saying which processing company was hacked, financial industry insiders who remain nameless told tech reporter Brian Krebs that up to 10 million accounts may have been exposed earlier this year, putting enough information in the hands of hackers to create a seemingly endless stream of counterfeit cards.
Krebs’ sources claimed that Visa and MasterCard have been warning the world’s largest banks to be on the lookout for fraudulent transactions stemming from the hack, leading ZDNet reporter Emil Protalinski to seek confirmation from his sources. Avivah Litan, a vice president at IT consulting firm Gartner, gave him that confirmation, saying he’s already seeing banking clients scramble to crunch data on suspicious transactions.
In a statement to Raw Story Friday morning, Visa spokeswoman Sandra Chu acknowledged that they are warning banks about the breach, insisting that the hack did not affect their internal systems.
“Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands,” she wrote. “There has been no breach of Visa systems, including its core processing network VisaNet. Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards.”
She added that Visa customers are protected by the company’s zero fraud liability protection program, but still urged cardholders to monitor their accounts for strange transactions.
“Every business that handles payment card information is expected to protect the security and privacy of their customers’ financial information by adhering to the highest data protection standards,” she concluded. “Visa also supports advanced security layers such as encryption, tokenization and dynamic authentication through EMV chip technology to further protect sensitive account information and minimize the impact of data compromises.”
“From what I hear, the breach involves a taxi and parking garage company in the New York City area so if you’ve paid a NYC cab in the last few months with your credit or debit card – be sure to check your card statements for possible fraud,” Litan told Protalinski.
That would seem to correlate with information from the original sources, who warned that a pattern of suspicious transactions had been spotted “in parking garages in and around the New York City area,” Krebs wrote.
“One interesting twist again sheds light on the fact that knowledge-based authentication should not be relied upon,” Litan added. “I heard (and this may not be factual) that the crime was perpetrated by a Central American gang that broke into the company’s system by answering the application’s knowledge-based authentication questions correctly. Looks like the hackers took over an administrative account that was not protected sufficiently.”
The hack represents the first globally significant breach of credit card systems since hacker Alberto Gonzales admitted in 2010 to obtaining more than 130 million credit card numbers by breaching the systems of various retailers. He later claimed that his actions were authorized by the U.S. Secret Service. The agency, which investigates financial fraud, admitted that they gave him a chance to reveal other cyber criminals, but denied that they would ever allow someone to carry on a criminal enterprise at that scale.
MasterCard did not respond to a request for comment.
Stephen C. Webster is the senior editor of Raw Story, and is based out of Austin, Texas. He previously worked as the associate editor of The Lone Star Iconoclast in Crawford, Texas, where he covered state politics and the peace movement’s resurgence at the start of the Iraq war. Webster has also contributed to publications such as True/Slant, Austin Monthly, The Dallas Business Journal, The Dallas Morning News, Fort Worth Weekly, The News Connection and others. Follow him on Twitter at @StephenCWebster.
Raw Story is a progressive news site that focuses on stories often ignored in the mainstream media. While giving coverage to the big stories of the day, we also bring our readers' attention to policy, politics, legal and human rights stories that get ignored in an infotainment culture driven solely by pageviews.
Founded in 2004, Raw Story reaches 5 million unique readers per month and serves more than 19 million pageviews.