MasterCard Says 40 Million Files Put at Risk

By ERIC DASH and TOM ZELLER Jr. June 18, 2005

MasterCard International reported yesterday that more than 40 million credit card accounts of all brands might have been exposed to fraud through a computer security breach at a payment processing company, perhaps the largest case of stolen consumer data to date.

MasterCard said its analysts and law enforcement officials had identified a pattern of fraudulent charges that were traced to an intrusion at CardSystems Solutions of Tucson, Ariz., which processes more than $15 billion in payments for small to midsize merchants and financial institutions each year.

About 20 million Visa and 13.9 million MasterCard accounts were compromised; the other accounts belonged to American Express or Discover cardholders. The accounts affected included credit cards and certain kinds of debit cards. The F.B.I. said it was investigating.

A MasterCard spokeswoman, Sharon Gamsin, said an infiltrator had managed to place a computer code or script on the CardSystems network that made it possible to extract information. She would not elaborate on how long the breach might have lasted, on when the inquiry began or on whether any infiltrators had been identified. She did say that the breach occurred this year.

Deborah McCarley, a spokeswoman for the F.B.I. field office in Phoenix, said that her agency was trying to establish the scope of the breach and that "the investigation is just beginning."

MasterCard said its investigation found that CardSystems, in violation of MasterCard's rules, was storing cardholders' account numbers and security codes on its computer systems. That information, MasterCard said, was supposed to be transferred to the bank handling the merchants' transactions but not retained by CardSystems.

formatting link

Reply to
Monty Solomon
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.