Intruder gains access to credit-card accounts
By Eileen Alt Powell
Associated Press
NEW YORK — An "unauthorized intruder" gained access to some 8 million credit-card account numbers — including Visa, MasterCard and American Express — by breaching the security of a company that processes transactions for merchants, the card companies said yesterday.
Visa said that there had been no sign of fraudulent activity involving the accounts and that the card association was monitoring the situation.
Christine Elliott, a spokeswoman for American Express, said that security processes were in place to determine if card numbers were being misused but that "we're not aware of any unusual activity with the affected cards." She said the company would contact card members if any suspicious spending activity is noticed, adding that consumers do not need to research the matter themselves.
Mastercard Inc., which is based in Purchase, N.Y., said it was notified of the breech early this month and that "approximately 8 million account numbers, of which 2.2 million were MasterCard cards, were possibly compromised."
An estimated 3.4 million Visa cards were involved, said Visa USA spokesman John Abrams. American Express declined to give a specific total. It was not immediately clear how many other card issuers were affected.
None of the card companies would identify the third-party processor or say exactly when or how the unauthorized intrusion occurred. As a result, it could not be determined if the incident involved an outside hacker, unauthorized access by an employee or some kind of physical theft of a database.
Processors handle transactions for merchants, bundling and transmitting charges to the banks that issue the cards.
Visa, which is based in Foster City, Calif., said it "has been informed by a third-party payment processor about an unauthorized intrusion." It said that after learning of the incident, the company's fraud team "immediately notified all affected card-issuing financial institutions and is working with the third-party payment card processor to protect against the threat of a future intrusion."
MasterCard Inc. said investigations were under way.
"We have notified our member financial institutions of the accounts involved, so that they may monitor each account for fraud and/or reissue cards as appropriate," the card association said.
Visa, MasterCard and American Express have "zero-liability policies" protecting customers from fraudulent uses of their cards.
