December 24, 2005 11:03 AM PST

Visa deals with possible data breach

Visa USA acknowledged Saturday that a U.S. merchant "may have experienced a data security breach" that compromised credit card account information.

The statement came in response to a News.com inquiry related to customers whose Visa debit cards had been put on fraud watch or deactivated due to a security breach. The customers include a San Francisco Bay Area man whose Wells Fargo-issued card was deactivated this week and a couple in Ohio whose card was placed on a watch.

Wells Fargo referred the issue to Visa.

In its statement issued Saturday, Visa said that after it learned "of the compromise, Visa quickly alerted the affected financial institutions to protect consumers through independent fraud monitoring and, if needed, reissuing cards."

A Visa representative said Saturday that no other information was available at this time, including the name of the merchant, the number of accounts involved or when the event occurred.

Data theft and identity theft came to the fore this year when a data security breach at payment processing company CardSystems Solutions exposed more than 40 million credit card accounts to fraud, primarily Visa and MasterCard cards.

Other major data leaks this year involved financial institutions Bank of America and Wachovia, data brokers ChoicePoint and LexisNexis, and the University of California at Berkeley and Stanford University.

Visa's statement on Saturday reiterated its stance on credit card security.

"As Visa has said before, it's important that every entity that handles payment card information adhere to the highest data protection standards, such as the Payment Card Industry...standard, to protect the security and privacy of their customers. Visa is aggressively partnering with entities across the nation to broaden adherence to these standards," the statement said.

15 comments

Join the conversation!
Add your comment
Another Security Breach?
Does it surprise anyone that there was another security breach
from another credit card company. You now what really sucks
about all this identity theft? The fact that the credit card
companies, the retailers that take credit cards and checks and
the very companies that process the transactions all have one
thing in common: there never responsible for the incident and a
press release and a I"m sorry and everything is OK.

OK for you, the credit card companies who's only loss is that of a
couple of customers to one of there affiliates who will take the
debt of one card only to charge up another.

(By the way American Express. I believe you were in violation of
my companies web site www.matrixstructures.com (Matrix
Structures) when you sent me solicitation for a credit card
address to Matrix Structures Online. You used a robot to pilfer
my site and gain the contact information. You then processed
that information for your own financial benefit! Not only did you
violate my copy that I wrote you violated my privacy!)

The retailer's just as responsible in this Identity Theft that's
going on. I'm living proof of this and my brothers in jail because
of it but does Subway Corp. or Rainbow Foods Corporation care
that there employee's aided in the my identity being stolen. You
see the checks Jeff wrote out are from my landscape company
10 years ago. So the checks should of never been accepted in
the first place because Jeff's name was no were on there. Jeff
used a technique call "Social Engineering" to get the checks
passed at both places.

I'm not going to explain a story that you can read here:
(<a class="jive-link-external" href="http://www.matrixstructures.com/wordpress/?p=32" target="_newWindow">http://www.matrixstructures.com/wordpress/?p=32</a>)

While this is only one case I know there are many more. What
you need to notice about the story above is the difficulty the
consumer faces in an incident. Not only did the cops not now
what do because they more than likely didn't know how to
properly handle the situation.

As far as Rainbow Foods Corp and Subway Corp. I want to know
this: After your employee's allowed the bunk checks to go
through and you bank sent them back to you as one of the these
to things: either ISF (meaning Insufficient Funds) or the account
was flagged as non-existent. Now if the account was flagged as
NON Existent why didn't the BANK call the Cops.

And if you -- Rainbow Foods in Chaska, MN. and Subway in
Waconia MN. received those checks back with the knowledge
that the accounts were bogus then why didn't you call the cops?
Was it easier just to send the slips to a Collection Agency
because I have a Dozen of them from both Rainbow Foods
Collections and another unnamed Credit Recovery Company with
reprints of the checks you accepted. Some complete with
Jeffery's name on them. The fact is that both these companies
are liable for there employee's actions.

How's that watching out for the consumer. Now because of
Rainbow Foods Corporation and Subway Corporation's lack of
policy control I have become a victim of Identity Theft. So who
pay's for my time and money lost trying to put my ID back
together.

Apparently by the actions taken by VISA and the rest of them
they don't give a crap less about US -- The Consumers--. Once
again because of lack of repercussion's it's easier for Companies
to write these things off and continue to put society at risk.

Quote Me --- It's All True

~Justin
Posted by OneWithTech (196 comments )
Reply Link Flag
Rambling rant
Justin,

You have issues, but you knew that already. However, your rant is verging on, or wholly into the territory of, irresponsibility.

You got it wrong with your first sentence. In this news story a credit card company was not breeched, a merchant was. In fact, the merchant and the merchant's industry were not named in this article.

You rail against credit card companies, but probably use the benefits this device (the credit card) every day. Try this: for an entire year (1/53.83 or just under 2% of your average adult male life), go without using a single credit, debit, or charge card.

Your rant turns into an advert in the 3rd paragraph. If you think you were wronged, talk to a lawyer.

In the 4th paragraph, the subject of your anger becomes a retailer (not a credit card company as in the 1st two paragraphs) whom deserves some fault for the identity theft. Again, hire a lawyer. If they did not follow the established protocols, they are at fault.

It seems that paragraphs 4 through 9 are of a personal experience and have little relation to the news story except by implication. Did youthink we wouldn't notice?

Paragraph 10 gets back to the evil credit card companies. You really should focus on the topic when you write. You state that Visa doesn't care. If so, why did Visa acknowledge the breech? If they didn't (acknowledge the breech), would a conspiracy theory develop? Research the Visa CISP program and then the PCI DSS arrangement. It seems to me that you are not pursuing serious journalism.

I will not quote you. It seems that your interest in facts in marginal at best and your desire is to rant rather than solve problems.

To be a little bold, let me spout a little philosophy and possibly put something in perspective for you. This last piece is directed at your closing comment "Companies...continue to put society at risk." The subject is identity theft, a serious issue for many of us. However, that issue alone cannot put society at risk. Society is defined by who we are, how we deal with the good things, and how we deal with the bad things. Society is *not* defined by how we purchase merchandise.

JT
Posted by jtpickering (8 comments )
Link Flag
Just Go Back To Cash
It seems prudent that because of the massive incompetance of the whole gamut of financial destitutions, we go back to using cash -- yes U.S. greenbacks, as much as possible. Buy gas -- use cash. Buy groceries -- use cash. Buy imported crap from China at Target and Wakmart, use cash. The only thing that will force the credit/debit card Shilo's to fix their damn systems is to reduce their profitability by reducing the number of transactions processed.
Posted by Stating (869 comments )
Reply Link Flag
Another...
Keith,

Please read my reply to Justin (<a class="jive-link-external" href="http://news.cbsi.com/5208-1029-0.html?forumID=1&#38;threadID=12634&#38;messageID=97970&#38;start=-196" target="_newWindow">http://news.cbsi.com/5208-1029-0.html?forumID=1&#38;threadID=12634&#38;messageID=97970&#38;start=-196</a>).

It seems that you both need to restrain yourselves and think your way through a problem before you open your mouths.

Let me pose a simple question to you: have you ever tried to buy a house without established credit? It is possible, but not easy nor available to every person who wants a home of their own.

As it relates to credit: Responsible use of credit, knowledge of those things that can harm you, and reasonable steps of protection of those things should be the message.

JT
Posted by jtpickering (8 comments )
Link Flag
My credit card was used
I saw 2 fraud transactions in my account made in cerritos, CA , one in BEN BRIDGE JEWELERS,CERRITOS CA (for more than $2000) and another is a dept store ( &gt; $400) on 24th december.
Posted by rahul_s999 (2 comments )
Reply Link Flag
57 Million People Still Not Enough
Apparently having 57 million people exposed to data security breaches in 2005 was still not enough to get data Execs canned, people sent to jail, and Congress to get off their $$$lobbied up ***** and actually do something about this.

<a class="jive-link-external" href="http://www.washingtonpost.com/wp-dyn/content/article/2005/12/27/AR2005122700959_pf.html" target="_newWindow">http://www.washingtonpost.com/wp-dyn/content/article/2005/12/27/AR2005122700959_pf.html</a>
Marriott Discloses Missing Data Files
Backup Tapes Lost At Time-Share Unit

By Michael S. Rosenwald
Washington Post Staff Writer
Wednesday, December 28, 2005; D01

Marriott International Inc.'s time-share division said yesterday that it is missing backup computer tapes containing credit card account information and the Social Security numbers of about 206,000 time-share owners and customers, as well as employees of the company.

Officials at Marriott Vacation Club International said it is not clear whether the tapes, missing since mid-November, were stolen from the company's Orlando headquarters or whether they were simply lost.

"The loss of Marriott's tapes is the latest in a series of high-profile security lapses involving data that can be used in identity theft schemes. In 2005, there were at least 134 data breaches affecting more than 57 million people, according to the Identity Theft Resource Center, a California nonprofit that helps people hurt by identity theft and lobbies on computer-privacy issues."
Posted by Stating (869 comments )
Reply Link Flag
VISTA FCU Affected
VISTA FCU (www.vistafcu.org), refuses to state how many of it's
members were hit by this breach. This is the second time this
year that a VISA processor breach has caused my account to be
deactivated and reissued. The pain of having to update ALL of
the timed accounts/online billing that a person uses is just
amazing. The approach is to shotgun deactivate large blocks of
cards in hopes of getting those few that were leaked. Never
mind the people that are hugely put out having to deal with their
screwup. Not a single apology from either the Bank or VISA after
spending 2 hours on the phone with them today.
Posted by themadcow--2008 (1 comment )
Reply Link Flag
Even more annoying is the fact that the breached merchant is being currently withheld from the public. How do I know that one of my auto-bill accounts is not the one that was breached? I'm in limbo until they release the merchant info to the public...
Posted by davehellbent (1 comment )
Link Flag
Another Visa Security Breach
There remains an enormous gap in regulatory activity, and skilled regulators, to monitor legal compliance of all parties that have personal and confidential information. In fact, outsourcers have, and continue, to process information for financial institutions without proper controls. Although required since 1988 by financial regulators, major financial institutions do not have proper contract terms and control verification prior to, and during, processing consumer financial information. Regulators know it but nothing is done. Small and medium financial institution, despite the collective economic impact, are not required to ensure proper controls. Why? The regulators have said because they do not pose a significant threat - this is absurd (especially since they use the same providers). What makes anyone think that local stores that accept your debit and credit cards have controls. I echo one of the other respondents - companies STILL do not want to spend the money to secure consumer information. Is anyone considering the economics involved here?
Posted by skobryan (4 comments )
Reply Link Flag
P.S.
Technolog for encrypting data before putting it to tape and sending it out is not new technology - another example of even the most basic controls being "tabo" in the spending scheme.
Posted by skobryan (4 comments )
Reply Link Flag
Another breach must have occurred. I got a call from my bank that a vendor breach had occurred, but they had no information beyond that. Visa refused to give additional information, other than to say they were investigating. Today, my card was cancelled due to unauthorized charges yesterday. Nobody is talking.
Posted by ljdickin (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.