40M credit cards hacked NEW YORK (CNN/Money) - A security breach has occurred at a third-party processor of payment card transactions that affects over 40 million card accounts, Mastercard International said Friday. Of the cards involved, 13.9 million were MasterCard-branded cards, which include Maestro and Cirrus, and 22 million were Visa cards, said Visa spokeswoman Rhonda Bentz. The breach took place at the Tucson office of CardSystems Solutions, which processes transactions on behalf of financial institutions and merchants. CardSystems said in a statement that it identified the breach on May 22 and contacted the FBI the next day. Mastercard learned the final details of the breach this week, according to spokeswoman Jessica Antle. "It looks like a hacker gained access to CardSystems' database and installed a script that acts like a virus, searching out certain types of card transaction data." "We're working with the FBI. It's a criminal investigation," Visa's Bentz said, noting that CardSystems "was out of compliance" with Visa's security standards when the breach occurred and that Visa would review whether it would continue to work with CardSystems when the case is resolved. CardSystems said it has taken measures since discovery of the breach to enhance its security procedures. Mastercard said in a statement that it is giving CardSystems "a limited amount of time to demonstrate compliance with Mastercard security requirements." FBI spokesman Rex Tomb couldn't give more details about the case, saying only that "we're looking into it. But there's nothing more we can say at this time. It's a pending case." MasterCard said it is giving member financial institutions the specific card account numbers that may have been compromised. The credit card information exposed in the breach did not include any Social Security numbers, birth dates or other highly sensitive personal data, Mastercard said. Consumers receive protection if unauthorized charges are made on their credit cards. MasterCard and Visa, for instance, have zero-liability policies. Bentz said Visa will be monitoring the accounts closely and should know before cardholders if there has been any fraudulent activity. Thus far, she said, "We haven't seen anything outside of the norm." If ever you notice unauthorized charges on your credit card, you should notify your card issuer immediately. The breach reported by Mastercard on Friday is one in a long line of breaches reported this year by consumer data aggregators like ChoicePoint, retailers such as DSW and corporations such as Time Warner, parent company of CNN/Money.com. Rather than a rash of illicit activity, experts say, the slew of reports may have more to do with companies wishing to protect themselves in the wake of a California state law requiring businesses to notify its customers when their personal information has been exposed in a security breach. Illinois this week became the second state to pass such a law. Concerned about your ID being stolen? Click here. To learn more about the companies that profit off your personal information, click here. Top of page ------------- "You owe me money!" -- Bert.
Until the laws are changed we need to protect ourselves. Are there any legit 3 in 1, real time credit monitoring services? I looked at True Credit and they only send out weekly notifications. I would like to get immediate notifications upon any change to my credit info.
It seems to me like the media is making this story much bigger than it really is. There were no SS numbers, birth dates, etc involved, and it even said in the story that you're not liable for unauthorized charges. It has nothing to do with "identity theft". The media is doing what it does best....needlessly scaring people. Still, Congress and the Pres need to wake up and fix this embarrassing mess of data sharing and the extremely lax standards of the credit industry. Identity theft is very rare in Europe.
The solutions to this problem seem so obvious: -Free, real time credit monitoring (by email). -Much tougher regulations regarding data storage and data handling. -Retailers that always check for ID's when someone uses a credit card (it's suprising how many don't). -Controlling your own credit report. You're the only one that can allow access to it. -Tighter restrictions on the use of SS numbers.
so why does this make it a "shit storm coming?" I use a master card credit card and nothing has happened to me.
The banks are pretty adept at spotting fraudulent activity. My corporate card info was swiped from a major Internet electronics retailer and used to make a $7 purchase overseas in December 2000. The bank called me to ask if I had made the purchase, but in fact they'd already cancelled the card a few days prior to that. And therein lies the bad news: you won't be liable for purchases you didn't make, but purchases you did make will bounce because of your cancelled credit card. Consumers, though, are likely to have an additional card they can use as a backup.
I think the worst news for the credit industry was the New York Times article that profiled people who stuffed their business reply envelopes for credit card applications with lead weights and heavy stock paper. Supposedly, their mailing costs went through the roof after that article because people got sick of receiving junk mail from them.
I always fill the "postage paid" return envelope with other junk mail that I receive. I never thought of weighing down the envelope...thanks for the heads up. I'll start that on Monday.
I like the approach this suggests for telemarketers as well ... the sob's always ring just before a move in the index!! Subject: FW: JUNK MAIL REVENGE (1) Junk Mail Help: When you get "ads" enclosed with your phone or utility bill, return these "ads" with your payment. Let the sending companies throw their own junk mail away. When you get those "pre-approved" letters in the mail for everything from credit cards to 2nd mortgages and similar type junk, do not throw away the return envelope. Most of these come with postage-paid return envelopes, right? It costs them more than the regular 37 cents postage "IF" and when they receive them back. It costs them nothing if you throw them away! The postage was around 50 cents before the last increase and it is according to the weight. In that case, why not get rid of some of your other junk mail and put it in these cool little, postage-paid return envelopes. Send an ad for your local chimney cleaner to American Express. Send a pizza coupon to Citibank. If you didn't get anything else that day, then just send them their blank application back! If you want to remain anonymous, just make sure your name isn't on anything you send them. You can even send the envelope back empty if you want to just to keep them guessing! It still costs them 37 cents. The banks and credit card companies are currently getting a lot of their own junk back in the mail, but folks, we need to OVERWHELM them. Let's let them know what it's like to get lots of junk mail, and best of all they're paying for it...Twice! Let's help keep our postal service busy since they are saying that e-mail is cutting into their business profits, and that's why they need to increase postage costs again. You get the idea! If enough people follow these tips, it will work---- I have been doing this for years, and I get very little junk mail anymore. (2)Telemarketers ideas .... The three little words are: "Hold On, Please..." Saying this, while putting down your phone and walking off (instead of hanging-up immediately) would make each telemarketing call so much more time-consuming that boiler room sales would grind to a halt. Then when you eventually hear the phone company's "beep-beep-beep" tone, you know it's time to go back and hang up your handset, which has efficiently completed its task. These three little words will help eliminate telephone soliciting. (3) Do you ever get those annoying phone calls with no one on the other end? This is a telemarketing technique where a machine makes phone calls and records the time of day when a person answers the phone. This technique is used to determine the best time of day for a "real" sales person to call back and get someone at home. What you can do after answering, if you notice there is no one there, is to immediately start hitting your # button on the phone, 6 or 7 times, as quickly as possible. This confuses the machine that dialed the call and it kicks your number out of their system. Gosh, what a shame not to have your name in their system any longer !!! THIS JUST MIGHT BE ONE E-MAIL THAT YOU WILL WANT TO FORWARD TO YOUR FRIENDS
Try www.identitytrack.com They are a legit business. Here is something from their site. Notify Express(SM) Monitoring Notify Express Credit card fraud costs consumers over $1 billion annually. Credit Monitoring and Alerts with Notify ExpressSM is a fast, convenient way to keep track of your credit information and detect the early signs of fraudulent activity before they ruin more than your bank account. It helps you to stay informed and act quickly if potentially fraudulent activity appears. How Credit Monitoring and Alerts help protect your credit file from fraudulent activity 1. Notify Express checks your credit files for activity every business day. 2. Notify Express alerts you via e-mail, U.S. mail, text-enabled cell phone or pager, so you can act immediately to fraudulent activity. You will receive an alert when new accounts are opened, inquiries are made, or address changes occur. It is not free. $10/month. Depends how much exposure you think is really out there.