NEW YORK (CNN/Money) - A security breach has occurred at a third-part
processor of payment card transactions that affects over 40 millio
card accounts, Mastercard International said Friday.

Of the cards involved, 13.9 million were MasterCard-branded cards
which include Maestro and Cirrus, and 22 million were Visa cards, sai
Visa spokeswoman Rhonda Bentz.

The breach took place at the Tucson office of CardSystems Solutions
which processes transactions on behalf of financial institutions an
merchants. CardSystems said in a statement that it identified th
breach on May 22 and contacted the FBI the next day.

Mastercard learned the final details of the breach this week, accordin
to spokeswoman Jessica Antle. "It looks like a hacker gained access t
CardSystems' database and installed a script that acts like a virus
searching out certain types of card transaction data."

"We're working with the FBI. It's a criminal investigation," Visa'
Bentz said, noting that CardSystems "was out of compliance" with Visa'
security standards when the breach occurred and that Visa would revie
whether it would continue to work with CardSystems when the case i
resolved.

CardSystems said it has taken measures since discovery of the breach t
enhance its security procedures.

Mastercard said in a statement that it is giving CardSystems "a limite
amount of time to demonstrate compliance with Mastercard securit
requirements."

FBI spokesman Rex Tomb couldn't give more details about the case
saying only that "we're looking into it. But there's nothing more w
can say at this time. It's a pending case."

MasterCard said it is giving member financial institutions the specifi
card account numbers that may have been compromised.

The credit card information exposed in the breach did not include an
Social Security numbers, birth dates or other highly sensitive persona
data, Mastercard said.

Consumers receive protection if unauthorized charges are made on thei
credit cards. MasterCard and Visa, for instance, have zero-liabilit
policies.

Bentz said Visa will be monitoring the accounts closely and should kno
before cardholders if there has been any fraudulent activity. Thus far
she said, "We haven't seen anything outside of the norm."

If ever you notice unauthorized charges on your credit card, you shoul
notify your card issuer immediately.

The breach reported by Mastercard on Friday is one in a long line o
breaches reported this year by consumer data aggregators lik
ChoicePoint, retailers such as DSW and corporations such as Tim
Warner, parent company of CNN/Money.com.

Rather than a rash of illicit activity, experts say, the slew o
reports may have more to do with companies wishing to protec
themselves in the wake of a California state law requiring businesse
to notify its customers when their personal information has bee
exposed in a security breach.

Illinois this week became the second state to pass such a law.

http://money.cnn.com/2005/06/17/news...dex.htm?cnn=ye

--
suvarna.skhekha
-----------------------------------------------------------------------
suvarna.skhekhar's Profile: http://forums.techarena.in/member.php?userid=364
View this thread: http://forums.techarena.in/showthread.php?t=23086
Visit - http://forums.techarena.in/archive/index.php/ | http://www.techarena.i

"suvarna.skhekhar" wrote:

Of what use could someone make if they knew your credit-card number?
Most (or all) purchases made over the phone (or on-line) will ask for
your expiry date, and even the billing address of the card. Sometimes
you will even be asked for the 3-digit code that only printed on the
back of the physical card.

News reports haven't said if the stolen information contains the
expiry date or billing address of the cards.

Ha.

All card-holders will eventually pay for unrecoverable purchases made
using the stolen information. They will pay by increased interest
rates or other charges or fees, or they will raise the rate charges to
vendors.

On Sun, 19 Jun 2005 10:03:00 +0530, suvarna.skhekhar
<suvarna.skhekhar.1quwpa@DoNotSpam.com> wrote:

All the more reason to have a reporting agency send you an alert each
time something substantial happens to your credit report.

Has anyone seen that scene in the movie "Hannibal" where Dr. Lector
exacts revenge on the FBI agent for framing Clarice?


--

Map of the Vast Right Wing Conspiracy
http://home.houston.rr.com/rkba/vrwc.html

"Whatever crushes individuality is despotism."
--John Stuart Mill, "On Liberty"

On Sun, 19 Jun 2005 09:29:15 -0400, Virus Guy wrote in
<news:42B5732B.EBEACCCA@Guy.com>:

The following quote from a New York Times article on this issue
indicates that expiration dates were stolen. It doesn't mention billing
addresses.
http://www.nytimes.com/2005/06/18/bu...html?th&emc=th

< begin quote >
MasterCard said an unauthorized person was able to exploit the security
vulnerability and gain access to CardSystems' network, exposing
cardholders' names, account numbers and expiration dates as well as the
security code, typically three or four digits also printed on the credit
card.
< end quote >

"suvarna.skhekhar" <suvarna.skhekhar.1quwpa@DoNotSpam.com> wrote in
message news:suvarna.skhekhar.1quwpa@DoNotSpam.com...

I heard this on CNN and had to laugh. It's almost as funny as the AOL
commercial that says spam can cause viruses.

On that special day, Roger Wilco, (yesman@yourservice.invalid) said...

In fact some does, indirectly. I've already received mails of the "you
must visit this" kind, which containes links to treacherous web sites,
which in turn would abuse IE vulnerabilities, to download a program on
my harddisk and place it in the autorun section.

A small downloader of say, 12 kb size would be enough, to fetch even
more stuff and infest your hard disk thoroughly. And if the machine is
in the hands of such a spammer, it can be used for anything, including
mass mails and the initial distribution of new worm generations.

So in a very *very* simplified way, AOL is right.


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.

On Mon, 20 Jun 2005 16:53:34 +0200, Gabriele Neukam
<Gabriele.Spamfighter.Neukam@t-online.de> wrote:

Then don't use IE. Use Mozilla.


--

Map of the Vast Right Wing Conspiracy
http://home.houston.rr.com/rkba/vrwc.html

"Whatever crushes individuality is despotism."
--John Stuart Mill, "On Liberty"

"Gabriele Neukam" <Gabriele.Spamfighter.Neukam@t-online.de> wrote in
message news:d96l8c$vbc$01$1@news.t-online.com...
)

Yeah, you can "get" a virus this way - but viruses are caused by the
virus writer. They can be distributed from an actual spammer, but
viruses are not "unsolicited commercial e-mail" nor do they actually fit
any of the more recent definitions of spam except for the 'so many
messages in so much time to so many destinations' is "spam" no matter
what causes it'. You may as well say viruses are caused by programs.

And as for CNN - - if something is "like a virus" it would have to "be"
a virus wouldn't it?

On that special day, Roger Wilco, (yesman@yourservice.invalid) said...

Mostly, yes, but look at this case.

http://www.viruslist.com/en/viruses/...?virusid=80864

Which was the update of

http://www.viruslist.com/en/viruses/...?virusid=79908

ie the latter one spread for a while, then stopped and downloaded the
former and installed it to replace itself, and the new version became
active on the next monday.


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.

"Gabriele Neukam" <Gabriele.Spamfighter.Neukam@t-online.de> wrote in
message news:d99fhq$k2k$03$2@news.t-online.com...
An interesting interplay, but when a worm downloads something, what it
downloads is not necessarily a virus. It "gets replicated" rather than
"replicates itself" (multiple downloads - network replication). It is
funny that the site mentions the non-replicating malware file as "worm"
and as "virus" even though they clearly state it isn't a
self-replicator.

To be a virus it must self-replicate.
To be like a virus, it must, like, self-replicate? ))