New Card Processor Breach, coming soon to a news outlet near you

2009-02-22 by d2d Credit-cards2

As we mentioned over a week ago, a new processor breach seems to have occurred. Banks around the country are being notified of a new breach unrelated to the Heartland Payment Systems breach.

When we initially wrote about it, we were acting on a tip that was corroborated by other sources who wish to remain anonymous. What we knew at the time but couldn't publish was that it was a "card not present" breach at an "acquirer / processor". We're now able to say this specifically, as another source has come out publicly with the information (props to for finding this source.)

What we still don't know is what processor has been breached. According to the aforementioned article, and as has been confirmed by our sources, VISA and Mastercard are refusing to disclose which acquirer processor had the breach, as the organization hasn't released a public statement on it yet themselves.

We do know, from the aforementioned article and through investigative work done here as well, that the breach in question isn't magstripe (hence card not present). The terms "card not present" have been repeatedly used by almost every source we have, and this article as well. We also know that cards affected by the Heartland breach may also have been affected by this breach, leading to some confusion at banks regarding reissuing cards.

Our questions: No magstripes? All "card not present"? Either this was a breach in a major processor's online transactions system, or, the breach was at a major online payment processor. Those are our guesses, but, we've been surprised before. Also, why hasn't the breached organization come forward? It has been "suggested" to us that some sort of a "gag" order is in effect on the topic, but we haven't been able to ascertain whether this is an actual judicial order, or some otherwise unofficial order to keep quiet on this.

As to the size and scale of this new breach, we're hearing mixed responses from smaller than Heartland to larger than Heartland, and given that we don't yet have a number regarding Heartland, it seems ever more speculative as to just how big this new breach is. One thing is certain, the two breaches amount to a lot of card replacements, a lot of bankers working overtime, and a lot of consumers inconvenienced, or worse, defrauded.

More details as this unfolds, as it no doubt will.


by Anonymous on 2009-02-24 (about 5 years ago)

It appears credit unions are getting hit by this one. Here's a Boston area incident.

by Anonymous on 2009-02-24 (about 5 years ago)

If BOA is the second breach, I can see why it is not being announced. Imagine what that would do to the stock price?

by Anonymous on 2009-02-24 (about 5 years ago)

It could also be a major online payment processor such as eBay or Paypal

by Anonymous on 2009-02-24 (about 5 years ago)

My BofA credit card was compromised in the past week. I used it only for recurring payments to merchants I thought were trustworthy (NetFlix, Sprint, DirecTV, PayPal, eBay, and a few others).

by Anonymous on 2009-02-24 (about 5 years ago)

I can't belive this compnay won't come public with their breach like Heartland did. I suspect their will be a lot more processor breaches coming to light in the near future!

by d2d [Data Loss Maven] on 2009-02-24 (about 5 years ago)

Re: No breach

Perhaps, but...according to several sources, cards are being reissued as a result of this "breach".

by Anonymous on 2009-02-24 (about 5 years ago)

The sad truth is the majority of financial organizations out there are just digging their heads in the sand regarding the gap in web/network security because of the economy. Apparently it’s got to get a lot worse before they take action or spend more to address the problems.

by Anonymous on 2009-02-25 (about 5 years ago)

So, logically we could find out which cards are being reissued and check them out against Heartland. Would that not help zero in on the processor that is at fault?

by Anonymous on 2009-02-27 (about 5 years ago)

How can BofA's stock price go any lower? It's already like $4

by Anonymous on 2012-03-17 (about 2 years ago)

Thank you for the comment. Very good qstueion. The answer is: No, there is no connection, Heartland and SignaPay are competitors. They are two of the many competing Independent Sales Offices (ISO's) throughout the nation. ISO's are the vehicle used by Acquirerers to market their processing services.BG

New Comment

Are you human?

Sponsored By: Rbs Zecurion
Use of the DataLossDB, and its exports, RSS feeds, reports, or other materials produced on this site by the Open Security Foundation requires authorization and potential licensing arrangements. For more information, please e-mail [email protected] with a brief summary of how you would like to use this information; product, service, research, etc.
© 2005 - 2014, Open Security Foundation, All Rights Reserved.