June 20, 2005

MasterCard Hacked

Friday, news broke that Atlanta-based CardSystems was hacked by a Trojan Virus that exported data on up to 40 MILLION Credit Card Accounts to unknown sources. Today comes the kicker: CardSystems was not even supposed to keep the data in the first place: (From the New York Times)
Under rules established by Visa and MasterCard, processors are not allowed to retain cardholder information including names, account numbers, expiration dates and security codes after a transaction is handled.

"CardSystems provides services and is supposed to pass that information on to the banks and not keep it," said Joshua Peirez, a MasterCard senior vice president who has been involved with the investigation. "They were keeping it."

The official, John M. Perry, chief executive of CardSystems Solutions, indicated that the records known to have been stolen covered roughly 200,000 of the 40 million compromised credit card accounts, from Visa, MasterCard and other card issuers. He said the data was in a file being stored for "research purposes" to determine why certain transactions had registered as unauthorized or uncompleted.

So more than just a huge security breach that puts tens of thousands of credit card numbers up for sale on the black market, but one that was made possible because this company was illegally storing card data for it's own purposes. Once these rightful owners of these card numbers start getting unauthorized charges on their accounts, how long do you think it'll take before a class-action suit is opened?

No comments:

Post a Comment