Authorities Hunt Source Of Credit CardBreach

SAN FRANCISCO - (03/15/06) – A worldwide investigation intothe widening credit card fraud that is plaguing credit unions andbanks from coast to coast is apparently pointing to one or morethird-party processors of Visa and MasterCard debit cardtransactions. Though Visa notified credit unions and banks to flagcards that had transacted business at the OfficeMax office supplychain, authorities believe a more likely culprit is a processor,because several other retailers accounts’ are also suspect,sources told The Credit Union Journal. But that’s where thetrail ends, even while tens of thousands of dollars are beingdrained from U.S. cardholders’ accounts in fraudulenttransactions originating in foreign locales like Russia, Pakistan,England, Spain and South Africa. “It definitely wasn’ta retailer,” said Avivah Litan, a cards expert with GartnerGroup. “It’s someone driving terminals or processingout transactions. That’s where the encryption key isassigned. The question is: were they (the card numbers and PINs)stored or read in transit? My guess is they (the crooks) got it intransit.” Meantime, dozens of credit unions and banks,including some of the biggest have cancelled Visa debit cards bythe thousands over the last few weeks. Among them are: The Golden 1CU, State Employees CU (North Carolina), Digital Employees FCU,Bethpage FCU, Citibank, PNC, National City Bank, Wells Fargo, Bankof America and Washington Mutual. Authorities are calling thelatest breach the biggest credit card fraud ever, with more than amillion cards expected to be recalled as a result.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER