As Brian Krebs made us all aware earlier today, Visa and MasterCard have been notifying financial institutions about a payment processor breach that may affect millions of people.
For those who are relatively new to these things, this is not a breach at Visa or MasterCard. It appears to be a breach at an as yet unnamed payment processor who may handle transactions for numerous merchants or entities. Eventually, we will find out who that processor is because it will come out in mandatory breach notifications, but for now, the important thing is that financial institutions are reaching out to consumers who may be affected. Once again, I suspect we’ll see some institutions proactively canceling and replacing all cards that may be affected while others take a watch closely but don’t cancel yet approach.
In response to a request from this blog, Visa sent DataBreaches.net the following statement:
Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet.
Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards.
It’s important for U.S. Visa consumer cardholders to know they are protected against fraudulent purchases with Visa’s zero liability fraud protection policy, which exceeds federal safeguards. As always, Visa encourage cardholders to regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity. Additional consumer security tips are available at www.VisaSecuritySense.com.
Every business that handles payment card information is expected to protect the security and privacy of their customers’ financial information by adhering to the highest data protection standards. Visa also supports advanced security layers such as encryption, tokenization and dynamic authentication through EMV chip technology to further protect sensitive account information and minimize the impact of data compromises.
While Visa’s statement does not provide any numbers or much detail, it seems that this affects cards other than just Visa and MasterCard.