WASHINGTON (Updated: 6:50 p.m. ET 3/30/12)--The Credit Union National Association (CUNA) has confirmed that Visa and MasterCard are notifying card-issuing credit unions and banks of a possible massive data breach involving Atlanta-based Global Payments Inc., a third-party payment processor.
Visa Inc. told CUNA this morning that it "is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet."
"Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards," said Visa's statement.
"It's important for U.S. Visa consumer cardholders to know they are protected against fraudulent purchases with Visa's zero liability fraud protection policy, which exceeds federal safeguards," said Visa. The company encouraged cardholders to "regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity." It provided a link for additional consumer security tips (use the resource link).
"Every business that handles payment card information is expected to protect the security and privacy of their customers' financial information by adhering to the highest data protection standards," Visa said. "Visa also supports advanced security layers such as encryption, tokenization and dynamic authentication through EMV chip technology to further protect sensitive account information and minimize the impact of data compromises," it continued.
MasterCard also confirmed today to CUNA that it "is currently investigating a potential account data compromise event of a U.S.-based entity and, as a result' we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk."
The Purchase, N.Y.-based company, in a statement sent to CUNA, said it "is concerned whenever there is any possibility that cardholders could be inconvenienced, and we continue to both monitor this event and take steps to safeguard account information. If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution."
It also noted that "law enforcement has been notified of this matter and the incident is currently the subject of an ongoing forensic review by an independent data security organization. It is important to note that MasterCard's own systems have not been compromised in any manner."
Later in the day Global Payments Inc. announced part of its system had been accessed. It promptly notified law enforcement authorities and industry parties to allow them to minimize potential cardholder impact, said Global Payments. See Monday's News Now for more detail.
The number of cards compromised and the number of credit unions and banks being notified were not announced. The breach was first reported by Krebs On Security blog.