Visa and MasterCard have begun to warn financial institutions, including credit unions and credit union payment CUSOs, that there has been yet another major breach at a card payments processor, according to Brian Krebs, a former Washington Post reporter who now publishes a blog, KrebsOnSecurity, focusing on online security issues.
News Update, March 30, 2012: PSCU Confirms Card Breach
News Update, April 2, 2012: Global Payments Inc. Says Breach Contained
Citing unnamed sources, Krebs reported that the breach could be “massive,” that it appears to have taken place between Jan. 21 and Feb. 25, that it could involve tens of millions of cards and that the hackers appear to have obtained both track 1 and track 2 card data.
Having data from both card tracks enables thieves to create counterfeit cards more easily.
Krebs cited PSCU as one of the CUSOs that has alerted credit unions to the breach, but PSCU had not yet confirmed it on Friday.
“While the scope and details of the attack are not yet known, it shows that three years after the Heartland Payment Systems breach of 130 million credit card numbers, credit card data is still vulnerable,” wrote Neil Roiter, research director at Corero Network Security, about the breach.
“The Payment Card Industry Data Security Standard (PCI DSS) is highly prescriptive in nature, but simply complying does not ensure credit card security. Companies that rely on PCI DSS to solely dictate their security measures will continue to remain vulnerable to attack,” he added.