Visa and MasterCard began warning banks about specific card that were potentially compromised, reported Krebs Security. The companies reportedly said that their breached credit card processor was compromised sometime between Jan. 21 and Feb. 25 of 2012. The company also reportedly said that Track 1 and Track 2 data was taken. This means that it is possible for the thieves to uses the information to create new, counterfeit cards.
MasterCard's own systems have not been compromised in any manner, a company spokesman said, reported the Wall Street Journal. However, the company did not mention how many cards were compromised, but an independent data security organization is conducting an ongoing investigation into the incident. It is possible up to 10 million cards were compromised in which Krebs Security sources called it a massive security breach.
MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information, said the company according to Bloomberg.
While Visa and MasterCard's systems were not directly hacked, the companies said that the U.S.-based processors were the source of the breach, reported Krebs Security.
Visa and MasterCard don't lend or issue cards to consumers; rather, they process transactions for banks that issue their cards and those that handle transactions for merchants, reported the Wall Street Journal.
Reports indicate that as the banks analyze transactions in order to determine to a common element, they discovered that some on the compromised cards were used in parking garages in New York City and in surrounding areas.
On Wednesday, PSCU, a major provider of online financial services, reportedly alerted 482 credit union that handled credit cards affected by the breach. Reports indicate that a total of 56,455 member VISA and MasterCard accounts were potentially compromise. However, PSCU said that only a small number of those accounts have been detected as having potential fraudulent activity.
All parties involved in the breach are looking into the issue.