Following rumours over the weekend, Global Payments — a massive international credit card processor — has confirmed that it suffered a massive security breach. Hackers managed to acquire customer information from up to 1.5 million accounts across North America. As far as we know, every major credit card provider is affected.
If you're shrugging this off because you've never even heard of Global Payments, you shouldn't. While you may not come into contact with the company directly, it provides processing services for nearly every major credit card company. Last year alone, that meant $US120.6 billion in transactions through just Visa and MasterCard.
The Wall Street Journal reports that the news came to light when Visa withdrew from using the company's services as a result of the problem. Though card and account information was exported from the the servers of Global Payments, it's currently thought that the criminals didn't obtain cardholder names, addresses or Social Security numbers.
A spokesperson from Global Payments told the Wall Street Journal that "[b]ased on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained." Believing something is contained and confirming that it's over are, though, two very different things. Global Payments also said that the information that was stolen would be enough to make online purchases, or to clone cards for brick and mortar fraud.
In this case, it seems those most at risk of having had their information compromised are people who paid for a taxi in New York City over the last several months. The only detail Global Payments confirmed was the extent of the damage, though, not the origination. Or, more importantly, how to find out if you're affected.
The move by Visa to stop using the services of Global Payment is a big one: it's a rare occurrence in the industry, so signals a complete lack of trust. It's not yet clear whether others will follow suit. As of Friday, banks were taking extra care to monitor accounts for suspicious activity. [Wall Street Journal]