From: InfoSec News (alertsinfosecnews.org)
Date: Mon Dec 29 2008 - 02:36:31 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.digitaltransactions.net/newsstory.cfm?newsid=2025

Digital Transactions News
December 23, 2008

The latest data-breach battleground has shifted to merchant-acquiring
and prepaid card territory. Atlanta-based RBS WorldPay, a big acquirer
owned by the Royal Bank of Scotland Group that also provides prepaid
card programs, late Tuesday afternoon reported a breach of its computer
system that may have compromised personal information on about 1.5
million cardholders, including the Social Security numbers of 1.1
million consumers.

The data leak affected prepaid cardholders “and other individuals,” RBS
said in a news release, but the company didn’t give a breakdown other
than to say the cardholders held payroll and open-loop gift cards.
“Personal information associated with certain payroll cards may have
been improperly accessed,” the release says. “PINs for all PIN-enabled
cards have been or are being reset.” Actual fraud to date involves only
100 cards. The company did not give a loss figure.

Formerly known as RBS Lynk, RBS WorldPay said it discovered the breach
Nov. 10 and notified law-enforcement agencies and banking regulators
“shortly thereafter,” according the release. But the company didn’t say
why it waited until Dec. 23 to report the breach publicly. Spokespersons
did not return calls from Digital Transactions News. Nor did the news
release say how the breach happened or when it began. “RBS WorldPay has
urgently taken a number of important steps to mitigate risk in response
to this situation,” the release says without giving details. RBS
WorldPay said it has notified affected cardholders and posted
information on its Web site.

This latest breach represents yet another worrisome development in the
payment card industry’s unending war with computer intruders. While most
of the attention in the past two years has focused on retailers’ lapses
in securing credit and debit card data, the RBS WorldPay breach serves
as a reminder of how hackers can penetrate the computer systems of a
major acquirer and processor. “It’s very bad news,” says Avivah Litan, a
technology and security analyst with Stamford, Conn.-based Gartner Inc.
She notes that unlike retailers’ computer systems, processors’ systems
connect directly to the networks of Visa Inc. and MasterCard Inc. “An
attacker that breaks into a processor conceivably can get into the heart
of the system,” she says, adding that a fraud-intelligence executive at
a Gartner client company recently told her that attacks on acquirers and
processors are increasing.

[...]

_______________________________________________
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]