In the latter half of last week, Visa and MasterCard sent out notices to several banks asking them to verify a security breach. The massive scale of the breach generated enough noise to come to their notice, and although they did not name any credit card processor responsible for this breach, it has been identified recently as Global Payments.
Payment Processors are used to send your credit card information to a bank in an encrypted format, so that it stays safe from prying eyes. Most of the confirmed breach in this case are believed to have happened at parking garages across New York City area. This massive security breach has resulted in 10 million stolen credit card details . However, the worrisome part is that the breach facilitated enough data to be stolen, that counterfeit credit cards can be created from those details.
Global Payments has explained its position in the matter with a statement saying,
In early March 2012, the company determined card data may have been accessed. It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potentialcardholder impact. The company is continuing its investigation into this matter.
Payment processors form a critical part of payment systems and are the most attacked financial institutions too. Just last year, an Indian payment gateway took a hit that resulted from an SQL Injection attack. Credit Card information are extremely critical from a privacy perspective. In the event of a breach, the company should act responsibly and proactively, and should issue fair warnings and notices immediately. This goes a long way towards building trust in financial businesses. Kudos to Brian Krebs for bringing this to everyone’s notice.