Up To 1.5 Million Visa, MasterCard Credit Card Numbers Stolen 189
An anonymous reader writes "Global Payments, the U.S.-based credit card processor company that experienced a security breach affecting Visa and MasterCard, confirmed that the breached portion of its processing system was confined to North America. The company also finally revealed how many credit card numbers were stolen: around 1,500,000."
Re:Recourse? (Score:5, Informative)
Whether it is used now or later, you are not liable. Your recourse is that you are NEVER liable for credit card transactions.
And VISA already dropped Global Payments. Let the market and common law handle this...
Re:Recourse? (Score:5, Informative)
They dropped them from the list of "secure" providers. Global Payments is still authorized to handle VISA credit card payments.
New Security Model (Score:5, Informative)
That government guy from the cyberwar scare story last week had it right... We need a new security model. Just assume that your credit card numbers, your social security number, etc., are already compromised. Those things were never designed to be secure, and companies that we trust with this data simply can't keep them safe. We just have to accept that the bad guys are all up in our business and adjust our practices accordingly. We could do it.
Re:Recourse? (Score:5, Informative)
http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre04.shtm [ftc.gov]
Re:Recourse? (Score:5, Informative)
The burden on the consumer to protect themselves is not high. All you have to do is what you should already be doing, looking over your statement and reporting anything you have questions about.
Aside from this, it seems likely they will notify the people who were affected and issue them new cards if they can identify who they were. It may not be possible to tell which numbers were stolen, only which were exposed.
Re:Recourse? (Score:5, Informative)
* They also pushed through a law prohibiting merchants from charging extra for credit card transactions to cover the additional risk of fraud. Some merchants get around it by offering a cash discount.
Re:Recourse? (Score:4, Informative)
Posted anon on purpose.
I work for a credit card company and we give out both Visa and Mastercard. When there is a fraud, WE pay the money. If you need a new card WE pay for that new card.
If you contest a charge and there is anything reasonable (so no cash withdrawal with your PIN code) we will FIRST give you the money back, then start the investigation and if there is no actual fraud (or more likely a fraud attempt of the cardholder) he will see it on a later bill.
This means in many cases that the merchant has the money, the customer has nothing to pay and we end up with the bill.
Now if the USofA would start using a modern system like the rest of the world, instead of still using the magnetic strip confirmed by a signature on the card, use the PIN code system with a chip. This seriously will increase security.
As far as we are concerned, if you go to the US, it will cost US money, because of the backwater system that is used.
Almost all of the world has changed to a more secure system, yet the US is somehow unable to get up to speed.
Will it ecxlude all situations or all fraude? No, but it will seriously reduce it. How? If you do not have the code, you can only try to buy stuff on the Internet. The moment the card is noted as stolen, even that won't work, because the card is blocked from that moment on.
Re:Recourse? (Score:4, Informative)
Wait, VISA will still let insecure providers to process transactions?
Global Payments is a huge provider, and Visa couldn't just stop processing payments from them without impacting a huge number of merchants.
(I'm not disputing what you're saying, I just find it amazing they'd let someone who doesn't have good data security anywhere near transactions.)
Even companies who have good security can suffer a breach. I haven't seen any details on what happened, whether it was gross negligence, an inside job, or what. To even be processing with Visa, you have to pass security audits for basic procedures. They'll get whatever went wrong fixed and re-apply for approval.
The real problem here is the reliance on "secret" data (your credit card number) that is published on every transaction. With so many people and organizations involved, it's inevitable that these leaks will happen.
It's 2012. There are much better solutions using smart cards and public/private keys.