Security breaches are become a common thing these days. They hit the front page only when the size or importance of the breach become huge. The recent security breach at the Global Payments made its way to the front page for the oblivious reason, which is nothing but the size of the breach.
Initially the size of the breach is estimated to be 10 million, later it identified as 1.5 million credit cards are affected. Even a security breach of 1.5 million credit cards is not a good news for any credit card holder.You and I are possible victims of this security breach. Visa has issued the following statement about the breach
.Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet.
Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards.
It.s important for U.S. Visa consumer cardholders to know they are protected against fraudulent purchases with Visa.s zero liability fraud protection policy, which exceeds federal safeguards. As always, Visa encourages cardholders to regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity. Additional consumer security tips are available at www.VisaSecuritySense.com.
Every business that handles payment card information is expected to protect the security and privacy of their customers. financial information by adhering to the highest data protection standards. Visa also supports advanced security layers such as encryption, tokenization and dynamic authentication through EMV chip technology to further protect sensitive account information and minimize the impact of data compromises..
Global Payments said in a statement that while enough data was taken from each account to make fraudulent transactions, the cardholders. .names, addresses and social security numbers were not obtained by the criminals,. which may limit how the stolen data can be used.
How did it impact Global Payments
- Trading has now been halted in Global Payments. stock. The stock has fallen down by 9% before that.
- The card company removed Global Payments from its list of .approved. processors Sunday, a move that doesn.t prevent vendors who use the payment processor from making Visa transactions, but may damage the processor.s reputation among its customers.
- VISA strips PCI Compliance status from Global Payments
- Penalties would be imposed on Global Payments in due course of time.
It is rumoured that the breach includes card numbers and track data. As per the PCI compliance requirements, the track data should not be stored. If it is not being stored, as they used to be PCI compliant, how is that a hacker obtain the same? Web based transactions never uses track data and the only possible area of compromise is the POS based transactions. As they are not expected to store the track data, the only possible way is to obtain the same during transmission. Now the other catch, PCI demands encryption for transmission when data is transmitted over public networks.
It would be interesting to see how the attackers got this data, if the rumour turns to be true.