All the sessions from Transform 2021 are available on-demand now. Watch now.
Cyber-criminals have stolen Visa and Mastercard credit-card data by hacking into payment processors in New York City parking garages. Visa confirmed that the data — enough to create counterfeit cards — was stolen, and both companies are doing damage control by alerting banks and credit unions for the 56,455 cards.
According to security researcher, Brian Krebs, a group of individuals have compromised the a payments processor, rumored to be Global Payments Inc. The group is believed to be New York-based, targeting the payment systems in New York garages. The criminals gained access through the processor to “Track 1 and Track 2 data,” which gives them enough information to make fraudulent purchases on the compromised cards.
Visa and Mastercard have alerted a number of banks and credit unions associated with the cards, warning that they should be on the lookout for fraud.
“Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards,” the company said in a statement, “As always, Visa encourages cardholders to regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity.”
The company takes a small jab at the individual business (potentially the NY garages themselves). It explains that each business accepting credit payments is responsible for updating its systems and putting in place the most recent security measures.
According to Krebs, the PSCU is saying 56,455 cards have been compromised, with only around 1.5 percent of those cards actually showing fraudulent charges. Joe Levy, chief technology officer of Solera Networks, believes there may be more to the hacks, which have occurred in the past in cases like Heartland Payment Systems.
“It would not be surprising if the investigation slowly reveals that the breach involved techniques such as web application exploitation, maneuvering from a compromised public system into the internal systems, and that the presence on the network was a longer-term than estimated,” said Levy in an e-mail. “These tend to be common characteristics of these kinds of events. And it underscores the fact that perimeter defenses are imperfect and will almost always be breached by a sufficiently motivated adversary.”
The hack has seemingly been isolated at the third-party payments processor, according to Visa. Visa’s own systems have not been compromised.
VentureBeatVentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more