Card-Not-Present Fraud

Another Processor Breach Threatens Card-Not-Present Fraud

 

On the heels of the Heartland Payment Systems breach, another U.S. acquirer-processor has confirmed a network intrusion exposing primary card numbers and card expiration dates for card-not-present (CNP) transactions. Unlike the Heartland Payment breach, this breach does not expose magnetic stripe track data. The reported incident involves confirmed unauthorized access to a U.S. acquirer processor’s settlement system of stored transaction information that included Primary Account Numbers (PANs) and expiration dates.

 

As the entity involved has not yet issued a press release, Visa and MasterCard are unable to release the name of the merchant processor. It is important to note that this event is not related to the Heartland Payment Systems breach.

 

While it has been confirmed that malicious software was placed on the processor’s platform, there is no forensic evidence that accounts were viewed or taken by the hackers. Since the final forensic report has not been provided, there is no estimate available at this time of the number of accounts involved in this event. Law enforcement is activity engaged in an investigation into this situation.

 

Visa began releasing affected accounts on Monday, February 9, 2009 under CAMS event series US-2009-0088-IC. They expect to have all accounts released by Friday, February 13.

 

MasterCard began releasing accounts on Wednesday, February 11, 2009 under MC Alert series MCA0150-US-09. They have not provided any information as to when they expect to have all their accounts released.

 

The current window of exposure provided by both card associations is from February 2008 through January 2009.

We have not been notified that any of our cardholders have fraudulent activity due to this compromise. However, we are monitoring all cards for fraudulent activity and TVAFCU members may rest assured they will not be responsible for any fraudulent charges due to this compromise.

Tuscaloosa VA Federal Credit Union will keep it's members updated on the US-2009-0088-IC /MCA0150-US-09 databreach through the news section of our website.

We encourage the use of MasterCard SecureCode® and Verified by Visa® for safe online transactions.

To update your name, phone number, or address with Tuscaloosa VA Federal Credit Union, please follow the directions listed on our Change of Address form.

 

This article is intended for informational purposes only. Statements from this article may contain views and statements from other organizations.