More credit, debit cards at risk?

Despite assurances from the card-processing company that a data breach that came to light Friday has been contained, security experts are urging credit and debit card users to be cautious.

A "massive" data breach was originally reported last week by Krebs on Security. Meanwhile, The Wall Street Journal reported that Atlanta-based Global Payments, a company that processes credit and debit transactions for banks and merchants, had acknowledged a security breach.

Global Payments said Sunday that fewer than 1.5 million account numbers had been "exported" and that the security breach had been contained. The company also launched a site to answer questions from consumers and merchants.

Discrepancies between the information released by MasterCard and Visa and that from Global Payments has led some security experts to question whether more than one breach may have occurred, possibly involving other processors.

"Sounds like there's a lot more going on out there than the payment industry and law enforcement have nailed down and are prepared to talk about," blogged Gartner security analyst Avivah Litan, following a Global Payments conference call this morning.

What happened

Global Payments has not announced how hackers obtained access to its information, and investigations are continuing. (Post continues below.)

Although credit and debit card numbers were exported, no cardholder names, addresses or Social Security numbers were accessed, Global Payments said. Stolen card numbers can be used to create counterfeit cards but are not enough for someone to steal your identity, CNNMoney says.

Over the weekend, Visa removed Global Payments from its list of hundreds of approved service providers to process electronic payments for banks and merchants, although the company continues to process Visa payments. Visa has said Global Payments should submit validation that it is complying with industry security standards, according to The Wall Street Journal:

The move by Visa, which is rare in the industry, essentially serves as a warning to merchants that Global Payments, which processes credit, debit and gift card transactions, no longer meets Visa's standards for security. It isn't clear if Visa has knowledge of a hole in Global Payments' security network that allowed intruders to access information.

MasterCard has not pulled its approval of the processor but is awaiting the results of an external independent forensics firm's investigation of the breach, according to the Journal.

What you should do

If the Global Payments breach is an isolated incident, the 1.5 million cards represent a small fraction of the credit and debit cards in circulation in the U.S. That total is more than 1 billion, according to The Nilson Report (.pdf file), a trade publication that covers the payment systems business.

That's small comfort if your card is among those compromised, however.

If your card issuer has reason to suspect that your account was affected by the security breach, you will be contacted, and your card may be reissued. 

• Smart Spending on the go: Get our app for Android or iPhone

Global Payments' site also advises that "if you believe your credit card information is at risk, immediately contact your card-issuing institution or bank and all other relevant financial institutions."

According to the Federal Trade Commission, cardholders are liable for only $50 in unauthorized charges on stolen credit cards and have no liability for unauthorized use if a credit card number, but not the actual card, was stolen.

Similar limitations are in place for debit cards. However, it can take much longer to clear up unauthorized use of a debit card account because when you use a debit card, the money is taken directly out of your account.

More on MSN Money:

• 'Massive' credit card data breach reported
• You shopped at Zappos: Now what?
• Credit card issuers that keep you safe
• 5 places to never use your debit card
• Security expert: How I'd hack your passwords
• Estimate your credit score for free