In March 2012, a data breach at Global Payments, a credit and debit card processing company was thought to have comprised credit and debit information from all of the major card brands.
Although Krebs on Security, a company which tracks cyber crimes, reported on March 30, 2012, as many as 10 million debit and credit cards could be affected; Global Payments reported April 2, 2012 that the data breach may affect less than 1.5 million credit cards in North America.
Visa and Mastercard announced Friday, March 30, 2012; they had notified their card holders of the potential for identity theft and illicit charges because of the breach. Both Visa and Mastercard said Friday that their own systems had not been compromised.
Global Payments said that credit card data may have been stolen, but that cardholder names, addresses and social security numbers were not obtained.
The reason why this latest data breach had the potential to be massive is that Global Payments processes a significant amount of credit card transactions. When a customer swipes a credit card, the data is sent to Global Payments, which then forwards the transaction information to card companies like Visa and MasterCard. Global Payments specializes in servicing small merchants, such as your local mom-and-pop business.
But Global Payments Chairman and CEO Paul Garcia said, “We are open for business and continue to process transactions for all of the card brands.”
According to the Wall Street Journal, Global Payments processed $167.3 billion worth of transactions in its last fiscal year, which ended May 31, 2011.
While both Visa and Mastercard both stressed their own networks had not been penetrated, both released statements regarding the breach.
Visa released the following: “Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands…”
Mastercard said it has alerted payment card issuers “regarding certain MasterCard accounts that are potentially at risk.”
Because this situation is fluid and the outcome is yet known, here are a few things you can do to protect yourself:
Monitor your credit and debit accounts
Monitor your accounts and statements for your credit as well as debit cards. Should you discover any unauthorized transactions contact your credit card issuer or bank immediately. In addition request they pay for a credit monitoring service if your account has been compromised.
Be wary of unsolicited requests
If you are contacted by anyone claiming to represent Mastercard or Visa asking for personal or payment card information do not provide any information. Financial institutions do not proactively solicit this type of information from account holders.
Zero liability for unauthorized transactions
Most credit card account holders are protected by a zero liability policy for unauthorized transactions. This means account holders are not responsible should an unauthorized transaction occur.
But there may be a catch. Virtually all banks have a version of a zero-liability policy for their debit and credit cards; however, these policies may not be the same when it comes to fraud reporting deadlines, coverage for various types of transactions and even replacement time.
Credit card purchases are covered under the Truth-in-Lending Act (Regulation Z) making your liability for any unauthorized transaction made before you report a lost or stolen card is limited to $50.
With a debit card, you must promptly notify your bank or you can lose all the money in your account. Debit cards are covered under the Electronic Funds Transfer Act (Regulation E).
Under Regulation E, your liability is $50 if you notify the bank within 2 days of discovering unauthorized transactions but if you take more than 2 days your liability can go up to $500! If you fail to notify your bank within 60 days after you received your statement with the unauthorized transactions on it, you could be liable for the entire stolen amount.
The rules for credit card liability are a lot more consumer-friendly.