Global Payments, a little-known third-party processor of credit-card transactions, has admitted that its security defenses were breached by hackers, leaving more than one million customers of Visa, MasterCard, and other companies vulnerable to fraud. Visa and MasterCard were quick to reassure customers that they would be covered for any losses from theft, but the attack nevertheless is raising concerns about the security of the credit-card payment system. The incident is also casting a spotlight on Global Payments and other companies that help execute credit-card transactions, and that could be less secure than bigger companies like Visa. Here, a guide to this major data breach:
What did the hackers steal?
The thieves were able to obtain as many as 1.5 million credit card numbers and corresponding expiration dates, according to Global Payments. However, customers' names, addresses, and social security numbers reportedly remain safe. The hackers may try to use the data to make illegal purchases, but will likely be foiled if they're asked to key in the CVV code (the three to four numbers printed on the back of your card).
How does Global Payments have these numbers?
Global Payments is just one of many firms hired by Visa and other credit card companies to authorize transactions. Between your purchase at the store and your credit-card company registering the sale, there are dozens of third parties that do the invisible task of checking and clearing the data you provide with a swipe of the card. For a time, these companies possess your account information, which is the "holy grail" for computer thieves, say Jessica Silver-Greenberg and Nelson Schwartz at The New York Times.
How are credit card companies responding?
Visa says it will drop Global Payments' services, though other companies have yet to take that step.
Have third-party processors been attacked before?
Yes. In 2008, 130 million credit card accounts were exposed after Heartland Payment Systems was attacked. In 2005, 40 million accounts were compromised in a breach of CardSystems Solutions. The breach of Global Payments was slightly different, and possibly more dangerous, because the hackers were able to "export" the data from the company's system, instead of just getting a glimpse of it, says Robin Sidel at The Wall Street Journal.
What can I do to protect myself?
"Customers should sit tight," says Julianne Pepitone at CNN. Credit card companies will contact you if your information has been stolen, and will cover the cost for any theft. Customers should also "carefully monitor credit card statements on a weekly basis" for any evidence of fraud, says Marianne Bicklet at Forbes.
THE WEEK'S AUDIOPHILE PODCASTS: LISTEN SMARTER
- Why you should stop believing in evolution
- 10 things you need to know today: August 20, 2014
- Why China thinks it could defeat the U.S. in battle
- The secret to handling pressure like astronauts, Navy SEALs, and samurai
- Why your employer should clean your house and do your laundry
- What you need to know before you support the police in Ferguson
- What the 'death of the library' means for the future of books
- The real lesson of Rick Perry's mug shot
- Welcome to the age of ambivalent feminism
- What would a U.S.-Russia war look like?
Subscribe to the Week