Update: Up to 1.5 million Visa, MasterCard credit card numbers stolenVisa, MasterCard warn of 'massive' security breach and Analysts on Visa, MasterCard credit card security breach). Both Visa and MasterCard have now confirmed the breach, although the two also emphasize their own security systems were not compromised.
First off, here's Visa's statement:
Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet.
Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards.
It's important for U.S. Visa consumer cardholders to know they are protected against fraudulent purchases with Visa's zero liability fraud protection policy, which exceeds federal safeguards. As always, Visa encourages cardholders to regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity. Additional consumer security tips are available at www.VisaSecuritySense.com.
Every business that handles payment card information is expected to protect the security and privacy of their customers' financial information by adhering to the highest data protection standards. Visa also supports advanced security layers such as encryption, tokenization and dynamic authentication through EMV chip technology to further protect sensitive account information and minimize the impact of data compromises.
Here is MasterCard's statement:
MasterCard is currently investigating a potential account data compromise event of a U.S.-based entity and, as a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk. Law enforcement has been notified of this matter and the incident is currently the subject of an ongoing forensic review by an independent data security organization.
Alerts sent out to U.S. banks late last week advised them that certain cards may have been compromised, and that full Track 1 and Track 2 data was taken, which means perpetrators got enough to counterfeit new cards. The breach, which is believed to have occurred between January 21 and February 25, 2012, may involve more than 10 million compromised card numbers.
Update: Up to 1.5 million Visa, MasterCard credit card numbers stolen