The credit card giants admitted today (18 February) that a computer hacker had gained access to more than 5.4 million credit card accounts, although they said none of the information had been used in a fraudulent way.
The hacker had breached the security system of a third-party payment card processor to gain access to credit card numbers, Visa and MasterCard said.
Both companies said they immediately alerted the affected banks that issued the cards. “Visa's fraud team immediately notified all affected card issuing financial institutions and is working with the third-party payment card processor to protect against the threat of a future intrusion. Visa will continue to monitor the situation and the potentially compromised accounts.”
Security consultancy mi2g said its research has consistently shown that Brazilian, US and European criminal syndicates have been carrying out credit card and identity theft in increasing numbers by targeting the proliferating e-commerce suppliers and their credit card settlement agents.
“Now that the $2tn per annum credit card settlement backbone is internet-enabled and e-commerce via the web is growing exponentially, the number of such cases that will come to light in the area of credit card fraud and piracy are likely to rise significantly,” mi2g said.
The mainstream databases, Microsoft SQL, Oracle or IBM DB/2 - where such information is stored - still exhibit vulnerabilities, the company said. In addition, it said, patches and necessary encryption regimes are not always appropriately applied by all suppliers.
“There is still an inadequate understanding in industry on how to protect credit card data and personal profiles,” mi2g warned.