Escaped The Largest Credit Card Data Breach Ever? Well, Here's Another One…

from the just-assume-someone-else-has-your-cc-info dept

Remember last month when a credit card payment processor was forced to admit a security breach that could impact 100 million people? Well, if you were lucky enough not to get caught up in that breach, there’s apparently another one to worry about. Visa and Mastercard are issuing a new warning over a different payment processor whose system was apparently compromised as well. At this rate, it’s getting silly to have static credit card numbers, since it seems like we’re replacing our cards every few months anyway.

Filed Under: ,
Companies: mastercard, visa

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Escaped The Largest Credit Card Data Breach Ever? Well, Here's Another One…”

Subscribe: RSS Leave a comment
TheStupidOne says:

Verified Addresses, Bio Identifiers

AND THE MARK OF THE BEAST!!! Beware everyone. the end time are upon us. The antichrist will rise soon and force us all to get RFID chips containing all of our financial information implanted in out hands or on our foreheads!!!!!

but at least our information will be “secure”

(waits for people to think I’m serious)

I really should start using virtual credit card numbers for websites, but even then it doesn’t help the real cards I get having their information stolen.

hmmmm, what could be a good solution. How about a payment system for online purchases that generates a number for each individual merchant. If a charge comes through for a number that is specific to a merchant, but from somewhere else, then the bill goes to the merchant the “lost” the number. Then for an actual card, how about combine fingerprint and the card to make it work. might not be reasonable, but it is much more secure than a digital signiture.

Evil Mike says:

Re: Verified Addresses, Bio Identifiers

In order for something like that to work, you’d need a unique identifier generated from a combination of merchant id, merchant location, shopper id, shopper location, and time/date of transaction. Keyword here is UNIQUE. Use a separate method of verifying the components of the unique transaction identification–verifies ALL of the info–and, of course, you’d have to make it un-spoofable.

Good luck with that.

eleete (user link) says:

Identity Crisis

I wonder how much Identity Theft has to do with the current crisis. We all hear about mortgages, but with that post about the Nigerian Scam perpetrated on CitiBank, Im surious what role Identity theft has in this whole mess. If it isn’t completely manufactured in the first place. How many of these failing financial institutions (potential bailout recipients) would be willing to admit that they are victims of scams around the planet ?

Anonymous Coward says:

Think of the children!

I’m sure advocates of keeping wifi logs for at least two years, wiretapping U.S. citizens, and those who would make file sharing illegal will be adding this to their defense. “See! Look how much child porn was purchased with stolen credit card numbers! Using credit cards should be illegal. Think of the children!”

Honestly, I don’t think we’re far off from having mandatory RFID tags. They already put them in credit cards, passports, its not a far strech to think they will be added to state ID and drivers licenses.

Anonymous Coward says:

fear mongering?

I have had credit cards for better then 20 years and have never nad to change a number or been the victim of any fruad. I take only general “thinking person” precautions and have only had to change cards on a couple occasions and each time only because I myself lost the card (I would also point out that I never cary cash and do absolutely everything on credit cards).

Im not sure this hysteria is really all that productive. Especially when the credit card companies themselves absorb the vast majority of fraud people actually do encounter (which I suspect is much much much lower then many in the media – and security business- would have us think).

Gortha (profile) says:

Re: fear mongering?

Actually the credit card companies do NOT absorb the majority of the fraud…the breached merchants do. I know..I’m one of them and there are thousands of merchants nation wide who have agreed to do this so they can continue to process credit cards in their businesses. It’s sad…smacks of paying protection money to the mob…black mail…call it what you want. But the credit card companies won’t take you unless you agree to pay any “charge backs” to cards that were compromised if their system is hacked.
It’s quite a racket! I was impressed. Sickened…but impressed…and it’s legal. Go figure.

TJ says:

A benefit to disposable numbers

Since this case only involves card-not-present transactions like Internet sales, it looks like using disposable numbers can give me peace of mind on this one. Am using Bank of America’s ShopSafe that issues unique numbers through a Flash applet, but there are other solutions too. It is a shame that I now have to be more worried about using the cc at a restaurant or gas station, and having been through trying to get false charges reversed with another bank it is something that concerns me.

Something like chip-and-pin in the UK would be a step forward, but apparently that system sadly wasn’t designed to be as resistent to direct hardware tampering as it could/should have been. It would be so nice for a change to see a mass-market security system rolled out where white-hats were given a chance to find obvious weaknesses before millions of people were using the thing.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...