Payment processor breach could be among biggest ever

The Washington Post: A data breach last year at payment processor Heartland Payment Systems may have compromised tens of millions of credit and debit card transactions, which would make it one of the largest breaches ever reported. The company, which processes payments for more than 250,000 businesses, said it began receiving fraudulent activity reports late last year from MasterCard and Visa on cards that had all been used at merchants which rely on Heartland to process payments. It wasn't until last week, the company said, that investigators uncovered the source of the breach: A piece of malicious software planted on the company's payment processing network that recorded payment card data as it was being sent for processing to Heartland by thousands of the company's retail clients. The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards, but it is difficult for thieves to perform card-not-present transactions because they did not obtain address information.

Click to continue