Smart SpendingSmart Spending

More credit, debit cards at risk?

Details are still unclear on the security breach that may have compromised Visa, MasterCard and Discover credit and debit cards accounts.

By Giselle Smith Apr 2, 2012 5:07PM

Despite assurances from the card-processing company that a data breach that came to light Friday has been contained, security experts are urging credit and debit card users to be cautious.


Image: Credit card (© Fancy/Veer/Corbis/Corbis)A "massive" data breach was originally reported last week by Krebs on Security. Meanwhile, The Wall Street Journal reported that Atlanta-based Global Payments, a company that processes credit and debit transactions for banks and merchants, had acknowledged a security breach.


Global Payments said Sunday that fewer than 1.5 million account numbers had been "exported" and that the security breach had been contained. The company also launched a site to answer questions from consumers and merchants.


Discrepancies between the information released by MasterCard and Visa and that from Global Payments has led some security experts to question whether more than one breach may have occurred, possibly involving other processors.


"Sounds like there's a lot more going on out there than the payment industry and law enforcement have nailed down and are prepared to talk about," blogged Gartner security analyst Avivah Litan, following a Global Payments conference call this morning.


What happened

Global Payments has not announced how hackers obtained access to its information, and investigations are continuing. (Post continues below.)

Although credit and debit card numbers were exported, no cardholder names, addresses or Social Security numbers were accessed, Global Payments said. Stolen card numbers can be used to create counterfeit cards but are not enough for someone to steal your identity, CNNMoney says.


Over the weekend, Visa removed Global Payments from its list of hundreds of approved service providers to process electronic payments for banks and merchants, although the company continues to process Visa payments. Visa has said Global Payments should submit validation that it is complying with industry security standards, according to The Wall Street Journal:

The move by Visa, which is rare in the industry, essentially serves as a warning to merchants that Global Payments, which processes credit, debit and gift card transactions, no longer meets Visa's standards for security. It isn't clear if Visa has knowledge of a hole in Global Payments' security network that allowed intruders to access information.

MasterCard has not pulled its approval of the processor but is awaiting the results of an external independent forensics firm's investigation of the breach, according to the Journal.


What you should do

If the Global Payments breach is an isolated incident, the 1.5 million cards represent a small fraction of the credit and debit cards in circulation in the U.S. That total is more than 1 billion, according to The Nilson Report (.pdf file), a trade publication that covers the payment systems business.


That's small comfort if your card is among those compromised, however.


If your card issuer has reason to suspect that your account was affected by the security breach, you will be contacted, and your card may be reissued. 

Global Payments' site also advises that "if you believe your credit card information is at risk, immediately contact your card-issuing institution or bank and all other relevant financial institutions."


According to the Federal Trade Commission, cardholders are liable for only $50 in unauthorized charges on stolen credit cards and have no liability for unauthorized use if a credit card number, but not the actual card, was stolen.


Similar limitations are in place for debit cards. However, it can take much longer to clear up unauthorized use of a debit card account because when you use a debit card, the money is taken directly out of your account.


More on MSN Money:

Apr 3, 2012 11:59AM
These breaches occur more often than made public. I have discovered my credit card account closed when logged on line into it. My account was missing. Called bank customer service, informed that they had been a security breach and they were in process of opening up a new account and issuing a new credit card. The breached had been discovered within the hour that I logged in. Asked what retailer or company was hacked, it was against there policy to reveal. 
Please help us to maintain a healthy and vibrant community by reporting any illegal or inappropriate behavior. If you believe a message violates theCode of Conductplease use this form to notify the moderators. They will investigate your report and take appropriate action. If necessary, they report all illegal activity to the proper authorities.
100 character limit
Are you sure you want to delete this comment?


Copyright © 2014 Microsoft. All rights reserved.

Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.


Smart Spending brings you the best money-saving tips from MSN Money and the rest of the Web. Join the conversation on Facebook and follow us on Twitter.