Escaped The Largest Credit Card Data Breach Ever? Well, Here's Another One...

from the just-assume-someone-else-has-your-cc-info dept

Remember last month when a credit card payment processor was forced to admit a security breach that could impact 100 million people? Well, if you were lucky enough not to get caught up in that breach, there's apparently another one to worry about. Visa and Mastercard are issuing a new warning over a different payment processor whose system was apparently compromised as well. At this rate, it's getting silly to have static credit card numbers, since it seems like we're replacing our cards every few months anyway.

Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    Anonymous Coward, Feb 24th, 2009 @ 6:28pm

    I think they do it on purpose

    It wont be long before there is a bill introduced to remove the obligation to report these incidents. It will be cleverly named something like the Truth In Data Breaches Act. Then when you report invalid charges on your account they will act like it is all your fault.

    reply to this | link to this | view in thread ]

  2. identicon
    TheStupidOne, Feb 24th, 2009 @ 7:49pm

    Verified Addresses, Bio Identifiers

    AND THE MARK OF THE BEAST!!! Beware everyone. the end time are upon us. The antichrist will rise soon and force us all to get RFID chips containing all of our financial information implanted in out hands or on our foreheads!!!!!

    but at least our information will be "secure"

    (waits for people to think I'm serious)

    I really should start using virtual credit card numbers for websites, but even then it doesn't help the real cards I get having their information stolen.

    hmmmm, what could be a good solution. How about a payment system for online purchases that generates a number for each individual merchant. If a charge comes through for a number that is specific to a merchant, but from somewhere else, then the bill goes to the merchant the "lost" the number. Then for an actual card, how about combine fingerprint and the card to make it work. might not be reasonable, but it is much more secure than a digital signiture.

    reply to this | link to this | view in thread ]

  3. identicon
    Anonymous Coward, Feb 24th, 2009 @ 8:26pm

    Re: Verified Addresses, Bio Identifiers

    "hmmmm, what could be a good solution."

    - Companies actually giving a shit ?

    reply to this | link to this | view in thread ]

  4. identicon
    eleete, Feb 24th, 2009 @ 8:41pm

    Identity Crisis

    I wonder how much Identity Theft has to do with the current crisis. We all hear about mortgages, but with that post about the Nigerian Scam perpetrated on CitiBank, Im surious what role Identity theft has in this whole mess. If it isn't completely manufactured in the first place. How many of these failing financial institutions (potential bailout recipients) would be willing to admit that they are victims of scams around the planet ?

    reply to this | link to this | view in thread ]

  5. identicon
    eleete, Feb 24th, 2009 @ 8:42pm

    Re: Identity Crisis

    surious = curious
    late night, sry

    reply to this | link to this | view in thread ]

  6. identicon
    Anonymous Coward, Feb 25th, 2009 @ 5:38am

    Think of the children!

    I'm sure advocates of keeping wifi logs for at least two years, wiretapping U.S. citizens, and those who would make file sharing illegal will be adding this to their defense. "See! Look how much child porn was purchased with stolen credit card numbers! Using credit cards should be illegal. Think of the children!"

    Honestly, I don't think we're far off from having mandatory RFID tags. They already put them in credit cards, passports, its not a far strech to think they will be added to state ID and drivers licenses.

    reply to this | link to this | view in thread ]

  7. identicon
    Some Credit Card Holder, Feb 25th, 2009 @ 6:10am

    I activated my last replacement card less than a week ago. Maybe they can just send me two more right away that way I don't have to wait so long between data breaches.

    reply to this | link to this | view in thread ]

  8. identicon
    Evil Mike, Feb 25th, 2009 @ 6:46am

    Re: Verified Addresses, Bio Identifiers

    In order for something like that to work, you'd need a unique identifier generated from a combination of merchant id, merchant location, shopper id, shopper location, and time/date of transaction. Keyword here is UNIQUE. Use a separate method of verifying the components of the unique transaction identification--verifies ALL of the info--and, of course, you'd have to make it un-spoofable.

    Good luck with that.

    reply to this | link to this | view in thread ]

  9. identicon
    Anonymous Coward, Feb 25th, 2009 @ 7:04am

    fear mongering?

    I have had credit cards for better then 20 years and have never nad to change a number or been the victim of any fruad. I take only general "thinking person" precautions and have only had to change cards on a couple occasions and each time only because I myself lost the card (I would also point out that I never cary cash and do absolutely everything on credit cards).

    Im not sure this hysteria is really all that productive. Especially when the credit card companies themselves absorb the vast majority of fraud people actually do encounter (which I suspect is much much much lower then many in the media - and security business- would have us think).

    reply to this | link to this | view in thread ]

  10. identicon
    Pin Me, Feb 25th, 2009 @ 9:16am

    Pin Me

    When is the use of Credit Cards going to require the entry of PIN numbers as well as the swipe. Then we could change our PINs every 30 days.

    reply to this | link to this | view in thread ]

  11. identicon
    chad, Feb 25th, 2009 @ 9:25am

    Re: Re: Verified Addresses, Bio Identifiers

    Why not have credit cards that have rotation numbers similar to RSA's SecurID authentication tokens? Combine that with a pin, and you have a more secure card.

    reply to this | link to this | view in thread ]

  12. identicon
    TJ, Feb 25th, 2009 @ 8:45pm

    A benefit to disposable numbers

    Since this case only involves card-not-present transactions like Internet sales, it looks like using disposable numbers can give me peace of mind on this one. Am using Bank of America's ShopSafe that issues unique numbers through a Flash applet, but there are other solutions too. It is a shame that I now have to be more worried about using the cc at a restaurant or gas station, and having been through trying to get false charges reversed with another bank it is something that concerns me.

    Something like chip-and-pin in the UK would be a step forward, but apparently that system sadly wasn't designed to be as resistent to direct hardware tampering as it could/should have been. It would be so nice for a change to see a mass-market security system rolled out where white-hats were given a chance to find obvious weaknesses before millions of people were using the thing.

    reply to this | link to this | view in thread ]

  13. identicon
    Anonymous Coward, Mar 8th, 2009 @ 12:51pm

    One popular approach is to transfer your high-interest credit card debt to some lower-interest loan - either a home equity loan or a low-interest card

    reply to this | link to this | view in thread ]

  14. identicon
    Nikhil Agarwal, Mar 18th, 2009 @ 12:33am

    Credit Cards

    I have got new credit cards that resolves all my problems from kotakcards. All of you can also get the best credit card deals online form Kotak Credit Cards. It’s time to get the best rewards from your credit card. Apply for free online credit cards available offered at

    reply to this | link to this | view in thread ]

  15. icon
    Gortha (profile), Jan 19th, 2010 @ 4:06pm

    Re: fear mongering?

    Actually the credit card companies do NOT absorb the majority of the fraud...the breached merchants do. I know..I'm one of them and there are thousands of merchants nation wide who have agreed to do this so they can continue to process credit cards in their businesses. It's sad...smacks of paying protection money to the it what you want. But the credit card companies won't take you unless you agree to pay any "charge backs" to cards that were compromised if their system is hacked.
    It's quite a racket! I was impressed. Sickened...but impressed...and it's legal. Go figure.

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Insider Shop - Show Your Support!

Hide this ad »
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Hide this ad »
Recent Stories
Hide this ad »


Email This

This feature is only available to registered users. Register or sign in to use it.