Credit Cards Online Information

MasterCard International on Friday said a security breach of credit card payment data had exposed about 40 million cards of all brands to potential fraud in what one analyst said was the biggest privacy breach ever.

About 13.9 million of those credit cards at risk are MasterCard-branded cards, the company said. An unauthorized person infiltrated cardholder data at a company which processes transactions.

"It sounds like the Guinness Book of World Records here," said Richard Smith, a leading computer privacy activist who runs a Web site called ComputerBytesMan.com.

There have been a string of episodes this year in which companies have reported stolen or misappropriated customer data. Bank of America Corp., ChoicePoint Inc. and Reed Elsevier's are some of the companies that have reported breaches.

MasterCard International said its security staff identified the breach at Tucson-based CardSystems Solutions Inc., a third-party processor of payment card data. Third party processors process transactions on behalf of financial institutions and merchants.

Secret Service spokesman Jonathan Cherry declined to comment. The U.S. Secret Service and CardSystems were not available for comment. Calls to Visa USA, MasterCard's biggest rival, also were not returned immediately.

MasterCard said security vulnerabilities in CardSystems processor's systems allowed an unauthorized individual to infiltrate CardSystems' network and access cardholder data.

MasterCard cautioned that social security numbers, dates of birth and the like were not stored on MasterCard cards.

CardSystems has already taken steps to improve the security of its system, MasterCard said it was giving the company "a limited amount of time" to demonstrate compliance with MasterCard security requirements.

MasterCard said it immediately notified its customer banks of specific card accounts that may have been subject to compromise so they can take the measures to protect their cardholders.

# posted by Medical Information : 3:05 AM