Visa and MasterCard Warn of a Massive Data Breach at Global Payments

In the latter half of last week, Visa and MasterCard sent out notices to several banks asking them to verify a security breach. The massive scale of the breach generated enough noise to come to their notice, and although they did not name any credit card processor responsible for this breach, it has been identified recently as Global Payments.

Payment Processors are used to send your credit card information to a bank in an encrypted format, so that it stays safe from prying eyes. Most of the confirmed breach in this case are believed to have happened at parking garages across New York City area. This massive security breach has resulted in 10 million stolen credit card details . However, the worrisome part is that the breach facilitated enough data to be stolen, that counterfeit credit cards can be created from those details.
Global Payments has explained its position in the matter with a statement saying,

In early March 2012, the company determined card data may have been accessed. It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potentialcardholder impact. The company is continuing its investigation into this matter.

Payment processors form a critical part of payment systems and are the most attacked financial institutions too. Just last year, an Indian payment gateway took a hit that resulted from an SQL Injection attack. Credit Card information are extremely critical from a privacy perspective. In the event of a breach, the company should act responsibly and proactively, and should issue fair warnings and notices immediately. This goes a long way towards building trust in financial businesses. Kudos to Brian Krebs for bringing this to everyone’s notice.

Google Working on NFC Based Mobile Payments App for Android

Ever since Google launched the Nexus S with NFC support, there has been speculation that it was planning to jump into the mobile payments arena. It seems that Google has already been working on such a mobile payment system, according to a report by WSJ.

It has teamed up with Mastercard and Citigroup to create a system which would allow Android smartphone users to make purchases by waving their smartphones before a small reader when checking out. In the early stages, the mobile app will be available only for Citigroup credit/debit card users.

Google will use readers by Verifone, which is a major player in the mobile payments segment. The mobile payments app will be made available for “one current model and many coming models of Android phones”. The current model is most likely the Nexus S, since it is the only one to have NFC support.

Google will be handling all the shopping cart data as well as the shipping information. Google won’t be charging any transaction fee for acting as the intermediary, but it will be able to send targeted ads and offers to users of its application. If this service attracts a lot of users, Google will have access to a treasure trove of personal information. Google has also applied for a patent for a “distributed electronic commerce system with centralized point of purchase”.