Full Canadian impact of Visa, MasterCard breach still not clear

There’s still no official word on how many Canadian Visa and MasterCard customers may have been affected by the security breach at payments processing company Global Payments Inc.

Visa and MasterCard are staying mum on how widespread the impact is sofar. But according to the TorontoStar, RBC and TD Bank suspect only afew Canadianclients may have been affected and Scotiabank told the Star it is nownotifying “a small number” of customers who might have been affected.

Canadian Visa and MasterCardclients are still in the dark about the full impact of the GlobalPayments breach.

According to Global Payments’ earnings results released yesterday,about 25 per cent of its North American mechant services revenue camefrom Canada during the quarter ended Feb. 28.

In a conference call on Monday, Global Payments said it has containedthe breach to thebest of its ability. The company said late Sunday thatinformation on up to 1.5 million card numbers may have been “exported”as a result of an unauthorized access into its processing system.

Visaand MasterCard are alerting banks across the U.S. about the recentmajor breach that could involve more than 10 millioncompromised cardnumbers, security news writer Brian Krebs wrotein breaking the story on his blog last Friday.

Krebsdid not name the payment processor. However later on Friday, GlobalPayments said the company determined in early March that card data mayhave been accessed.

The Atlanta company said Sunday it believesthat the affected portion of its processing system is confined to NorthAmerica, and that Track 2 card data may have been stolen. The AmericanBankers Association developed the format for track 2 data on a magneticcard, which usually contains account number, expiry date of card, andsometimes discretionary data.

Cardholder names, addresses andSocial Security numbers were not obtained by the hackers, GlobalPayments said. “Based on the forensic analysis to date, networkmonitoring and additional security measures, the company believes thatthis incident is contained,” it added.

The company said it wasopen for business and continues to process transactions for all of thecard brands. Visa has removed Global Payments from its list of”compliant service providers,” according to reports.

AVisa spokesman said on Monday that based on Global Payments’ reportedunauthorized access, Visa removed the company from its registry of PCIDSS (Payment Card Industry Data Security Standard) validated serviceproviders. As is its normal process, Visa has asked Global Payments torevalidate its PCI DSS compliance, he added. Global Payments did notimmediately respond to a request for comment on Visa’s action.

PCIDSS has proven to be a highly effective foundation of minimum securitystandards when fully, correctly and consistently implemented across allsystems handling cardholder data, the Visa spokesman said.

Visasaid Friday that there was no breach of Visa systems, including itscore processing network VisaNet. It had provided payment card issuerswith the affected account numbers from the Global Payments’ breach sothey can take steps to protect consumers through independent fraudmonitoring and, if needed, reissuing cards, it said.

Everybusiness that handles payment card information is expected to protectthe security and privacy of their customers’ financial information byadhering to the highest data protection standards, Visasaid in astatement.

MasterCard said on Friday that it was investigating a potential accountdata compromise, but its own systems were not affected in any way.

With files fromJohn Ribeiro.

Share on LinkedIn Share with Google+