Escaped The Largest Credit Card Data Breach Ever? Well, Here's Another One...

from the just-assume-someone-else-has-your-cc-info dept

Tue, Feb 24th 2009 6:10pm — Mike Masnick

Remember last month when a credit card payment processor was forced to admit a security breach that could impact 100 million people? Well, if you were lucky enough not to get caught up in that breach, there's apparently another one to worry about. Visa and Mastercard are issuing a new warning over a different payment processor whose system was apparently compromised as well. At this rate, it's getting silly to have static credit card numbers, since it seems like we're replacing our cards every few months anyway.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: credit cards, data breach
Companies: mastercard, visa

15 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 24 Feb 2009 @ 6:28pm

I think they do it on purpose
It wont be long before there is a bill introduced to remove the obligation to report these incidents. It will be cleverly named something like the Truth In Data Breaches Act. Then when you report invalid charges on your account they will act like it is all your fault.
[ link to this | view in chronology ]
TheStupidOne, 24 Feb 2009 @ 7:49pm

Verified Addresses, Bio Identifiers
AND THE MARK OF THE BEAST!!! Beware everyone. the end time are upon us. The antichrist will rise soon and force us all to get RFID chips containing all of our financial information implanted in out hands or on our foreheads!!!!!

but at least our information will be "secure"

(waits for people to think I'm serious)

I really should start using virtual credit card numbers for websites, but even then it doesn't help the real cards I get having their information stolen.

hmmmm, what could be a good solution. How about a payment system for online purchases that generates a number for each individual merchant. If a charge comes through for a number that is specific to a merchant, but from somewhere else, then the bill goes to the merchant the "lost" the number. Then for an actual card, how about combine fingerprint and the card to make it work. might not be reasonable, but it is much more secure than a digital signiture.
[ link to this | view in chronology ]
- Anonymous Coward, 24 Feb 2009 @ 8:26pm
  
  Re: Verified Addresses, Bio Identifiers
  "hmmmm, what could be a good solution."
  
  - Companies actually giving a shit ?
  [ link to this | view in chronology ]
- Evil Mike, 25 Feb 2009 @ 6:46am
  
  Re: Verified Addresses, Bio Identifiers
  In order for something like that to work, you'd need a unique identifier generated from a combination of merchant id, merchant location, shopper id, shopper location, and time/date of transaction. Keyword here is UNIQUE. Use a separate method of verifying the components of the unique transaction identification--verifies ALL of the info--and, of course, you'd have to make it un-spoofable.
  
  Good luck with that.
  [ link to this | view in chronology ]
  - chad, 25 Feb 2009 @ 9:25am
    
    Re: Re: Verified Addresses, Bio Identifiers
    Why not have credit cards that have rotation numbers similar to RSA's SecurID authentication tokens? Combine that with a pin, and you have a more secure card.
    [ link to this | view in chronology ]
eleete, 24 Feb 2009 @ 8:41pm

Identity Crisis
I wonder how much Identity Theft has to do with the current crisis. We all hear about mortgages, but with that post about the Nigerian Scam perpetrated on CitiBank, Im surious what role Identity theft has in this whole mess. If it isn't completely manufactured in the first place. How many of these failing financial institutions (potential bailout recipients) would be willing to admit that they are victims of scams around the planet ?
[ link to this | view in chronology ]
- eleete, 24 Feb 2009 @ 8:42pm
  
  Re: Identity Crisis
  surious = curious
  late night, sry
  [ link to this | view in chronology ]
Anonymous Coward, 25 Feb 2009 @ 5:38am

Think of the children!
I'm sure advocates of keeping wifi logs for at least two years, wiretapping U.S. citizens, and those who would make file sharing illegal will be adding this to their defense. "See! Look how much child porn was purchased with stolen credit card numbers! Using credit cards should be illegal. Think of the children!"

Honestly, I don't think we're far off from having mandatory RFID tags. They already put them in credit cards, passports, its not a far strech to think they will be added to state ID and drivers licenses.
[ link to this | view in chronology ]
Some Credit Card Holder, 25 Feb 2009 @ 6:10am

I activated my last replacement card less than a week ago. Maybe they can just send me two more right away that way I don't have to wait so long between data breaches.
[ link to this | view in chronology ]
Anonymous Coward, 25 Feb 2009 @ 7:04am

fear mongering?
I have had credit cards for better then 20 years and have never nad to change a number or been the victim of any fruad. I take only general "thinking person" precautions and have only had to change cards on a couple occasions and each time only because I myself lost the card (I would also point out that I never cary cash and do absolutely everything on credit cards).

Im not sure this hysteria is really all that productive. Especially when the credit card companies themselves absorb the vast majority of fraud people actually do encounter (which I suspect is much much much lower then many in the media - and security business- would have us think).
[ link to this | view in chronology ]
- Gortha (profile), 19 Jan 2010 @ 4:06pm
  
  Re: fear mongering?
  Actually the credit card companies do NOT absorb the majority of the fraud...the breached merchants do. I know..I'm one of them and there are thousands of merchants nation wide who have agreed to do this so they can continue to process credit cards in their businesses. It's sad...smacks of paying protection money to the mob...black mail...call it what you want. But the credit card companies won't take you unless you agree to pay any "charge backs" to cards that were compromised if their system is hacked.
  It's quite a racket! I was impressed. Sickened...but impressed...and it's legal. Go figure.
  [ link to this | view in chronology ]
Pin Me, 25 Feb 2009 @ 9:16am

Pin Me
When is the use of Credit Cards going to require the entry of PIN numbers as well as the swipe. Then we could change our PINs every 30 days.
[ link to this | view in chronology ]
TJ, 25 Feb 2009 @ 8:45pm

A benefit to disposable numbers
Since this case only involves card-not-present transactions like Internet sales, it looks like using disposable numbers can give me peace of mind on this one. Am using Bank of America's ShopSafe that issues unique numbers through a Flash applet, but there are other solutions too. It is a shame that I now have to be more worried about using the cc at a restaurant or gas station, and having been through trying to get false charges reversed with another bank it is something that concerns me.

Something like chip-and-pin in the UK would be a step forward, but apparently that system sadly wasn't designed to be as resistent to direct hardware tampering as it could/should have been. It would be so nice for a change to see a mass-market security system rolled out where white-hats were given a chance to find obvious weaknesses before millions of people were using the thing.
[ link to this | view in chronology ]
Anonymous Coward, 8 Mar 2009 @ 12:51pm

One popular approach is to transfer your high-interest credit card debt to some lower-interest loan - either a home equity loan or a low-interest card http://www.credit-cards-rates.co.cc
[ link to this | view in chronology ]
Nikhil Agarwal, 18 Mar 2009 @ 12:33am

Credit Cards
I have got new credit cards that resolves all my problems from kotakcards. All of you can also get the best credit card deals online form Kotak Credit Cards. It’s time to get the best rewards from your credit card. Apply for free online credit cards available offered at http://www.kotakcards.com/
[ link to this | view in chronology ]