lobal Payments, a little-known third-party processor of credit-card transactions, has admitted that its security defenses were breached by hackers, leaving more than one million customers of Visa, MasterCard, and other companies vulnerable to fraud. Visa and MasterCard were quick to reassure customers that they would be covered for any losses from theft, but the attack nevertheless is raising concerns about the security of the credit-card payment system. The incident is also casting a spotlight on Global Payments and other companies that help execute credit-card transactions, and that could be less secure than bigger companies like Visa. Here, a guide to this major data breach:
What did the hackers steal?
The thieves were able to obtain as many as 1.5 million credit card numbers and corresponding expiration dates, according to Global Payments. However, customers' names, addresses, and social security numbers reportedly remain safe. The hackers may try to use the data to make illegal purchases, but will likely be foiled if they're asked to key in the CVV code (the three to four numbers printed on the back of your card).
How does Global Payments have these numbers?
Global Payments is just one of many firms hired by Visa and other credit card companies to authorize transactions. Between your purchase at the store and your credit-card company registering the sale, there are dozens of third parties that do the invisible task of checking and clearing the data you provide with a swipe of the card. For a time, these companies possess your account information, which is the "holy grail" for computer thieves, say Jessica Silver-Greenberg and Nelson Schwartz at The New York Times.
How are credit card companies responding?
Visa says it will drop Global Payments' services, though other companies have yet to take that step.
Have third-party processors been attacked before?
Yes. In 2008, 130 million credit card accounts were exposed after Heartland Payment Systems was attacked. In 2005, 40 million accounts were compromised in a breach of CardSystems Solutions. The breach of Global Payments was slightly different, and possibly more dangerous, because the hackers were able to "export" the data from the company's system, instead of just getting a glimpse of it, says Robin Sidel at The Wall Street Journal.
What can I do to protect myself?
"Customers should sit tight," says Julianne Pepitone at CNN. Credit card companies will contact you if your information has been stolen, and will cover the cost for any theft. Customers should also "carefully monitor credit card statements on a weekly basis" for any evidence of fraud, says Marianne Bicklet at Forbes.
- This is the twistiest tongue twister ever, says science
- 4 secret societies you probably don't know about
- The secrets of happy families
- Battle in a blizzard
- Diagnosing the Home Alone burglars' injuries: A professional weighs in
- Here's how crazy-long German words are made
- 7 health benefits of playing video games
- How to stick it to the poor: A congressional strategy
- Which professions have the most psychopaths?
- Why U.S. and British spies have moles in World of Warcraft
Subscribe to the Week