A data breach of their network was discovered in early March by Atlanta-based third-party payment-card processor Global Payments, and it may have potentially put over 10 million credit card accounts at risk. Third-party processors serve as middlemen between merchants and banks. Fortunately, consumers typically aren't liable for unauthorized purchases made on their cards. But the hackers have information they can use for identity theft months after the breach, so consumers should monitor credit reports to make sure no new accounts have been opened in their names.
In separate non-public alerts sent late last week, VISA and MasterCard began warning banks about specific cards that may have been compromised. The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb. 25, 2012. The alerts also said that full Track 1 and Track 2 data was taken – meaning that the information could be used to counterfeit new cards.
Global Payments will hold a conference call Monday, April 2, 2012 at 8:00 AM EDT. Callers may access the conference call via the investor relations page of the Company’s Web site at www.globalpaymentsinc.com by clicking the “Webcast” button; or callers in North America may dial 1-888-895-3550 and callers outside North America may dial 1-706-758-8809. The pass code is “GPN.”
Affected banks are now starting to analyze transaction data on the compromised cards, in hopes of finding a common point of purchase. Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area.
A Gartner analyst reported that the entry point was a New York City taxi and parking garage company. They were able to use an admin account at the taxi company to steal electronic data from Global Payments' central server. It appears that the thieves stockpiled the stolen credit card numbers for months before beginning to use them.