Global Payments, a little-known third-party processor of credit-card transactions, has admitted that its security defenses were breached by hackers, leaving more than one million customers of Visa, MasterCard, and other companies vulnerable to fraud. Visa and MasterCard were quick to reassure customers that they would be covered for any losses from theft, but the attack nevertheless is raising concerns about the security of the credit-card payment system. The incident is also casting a spotlight on Global Payments and other companies that help execute credit-card transactions, and that could be less secure than bigger companies like Visa. Here, a guide to this major data breach:
What did the hackers steal?
The thieves were able to obtain as many as 1.5 million credit card numbers and corresponding expiration dates, according to Global Payments. However, customers' names, addresses, and social security numbers reportedly remain safe. The hackers may try to use the data to make illegal purchases, but will likely be foiled if they're asked to key in the CVV code (the three to four numbers printed on the back of your card).
How does Global Payments have these numbers?
Global Payments is just one of many firms hired by Visa and other credit card companies to authorize transactions. Between your purchase at the store and your credit-card company registering the sale, there are dozens of third parties that do the invisible task of checking and clearing the data you provide with a swipe of the card. For a time, these companies possess your account information, which is the "holy grail" for computer thieves, say Jessica Silver-Greenberg and Nelson Schwartz at The New York Times.
How are credit card companies responding?
Visa says it will drop Global Payments' services, though other companies have yet to take that step.
Have third-party processors been attacked before?
Yes. In 2008, 130 million credit card accounts were exposed after Heartland Payment Systems was attacked. In 2005, 40 million accounts were compromised in a breach of CardSystems Solutions. The breach of Global Payments was slightly different, and possibly more dangerous, because the hackers were able to "export" the data from the company's system, instead of just getting a glimpse of it, says Robin Sidel at The Wall Street Journal.
What can I do to protect myself?
"Customers should sit tight," says Julianne Pepitone at CNN. Credit card companies will contact you if your information has been stolen, and will cover the cost for any theft. Customers should also "carefully monitor credit card statements on a weekly basis" for any evidence of fraud, says Marianne Bicklet at Forbes.