Global Payments, a little-known third-party processor of credit-card transactions, has admitted that its security defenses were breached by hackers, leaving more than one million customers of Visa, MasterCard, and other companies vulnerable to fraud. Visa and MasterCard were quick to reassure customers that they would be covered for any losses from theft, but the attack nevertheless is raising concerns about the security of the credit-card payment system. The incident is also casting a spotlight on Global Payments and other companies that help execute credit-card transactions, and that could be less secure than bigger companies like Visa. Here, a guide to this major data breach:
What did the hackers steal?
The thieves were able to obtain as many as 1.5 million credit card numbers and corresponding expiration dates, according to Global Payments. However, customers' names, addresses, and social security numbers reportedly remain safe. The hackers may try to use the data to make illegal purchases, but will likely be foiled if they're asked to key in the CVV code (the three to four numbers printed on the back of your card).
How does Global Payments have these numbers?
Global Payments is just one of many firms hired by Visa and other credit card companies to authorize transactions. Between your purchase at the store and your credit-card company registering the sale, there are dozens of third parties that do the invisible task of checking and clearing the data you provide with a swipe of the card. For a time, these companies possess your account information, which is the "holy grail" for computer thieves, say Jessica Silver-Greenberg and Nelson Schwartz at The New York Times.
How are credit card companies responding?
Visa says it will drop Global Payments' services, though other companies have yet to take that step.
Have third-party processors been attacked before?
Yes. In 2008, 130 million credit card accounts were exposed after Heartland Payment Systems was attacked. In 2005, 40 million accounts were compromised in a breach of CardSystems Solutions. The breach of Global Payments was slightly different, and possibly more dangerous, because the hackers were able to "export" the data from the company's system, instead of just getting a glimpse of it, says Robin Sidel at The Wall Street Journal.
What can I do to protect myself?
"Customers should sit tight," says Julianne Pepitone at CNN. Credit card companies will contact you if your information has been stolen, and will cover the cost for any theft. Customers should also "carefully monitor credit card statements on a weekly basis" for any evidence of fraud, says Marianne Bicklet at Forbes.
THE WEEK'S AUDIOPHILE PODCASTS: LISTEN SMARTER
- The Obama era is over. The presidency continues.
- America created the Islamic State of Iraq and Syria? Meet the ISIS 'truthers'
- What is Molly? Everything you need to know about the party drug
- Russia's giant spy ship was a high-tech disaster waiting to happen
- What would a U.S.-Russia war look like?
- How American businessmen are ruining American business — and the U.S. economy
- On ISIS, neocons and liberal hawks have a 'boy who cried wolf' problem
- The constant struggle of running a family farm in 21st century America
- How Harry Houdini escaped death
- How to stop misogynists from terrorizing the world of gamers
Subscribe to the Week