Another Attack on a U.S. Payment Processor

On the heels of the troublesome security breach at Heartland Payment Systems comes news of a new attack on a U.S. based payment processor/acquirer. The name of the company that has been victimized hasn’t been released yet, but several credit unions are reporting that Visa had alerted them to the new breach. In fact, the Pennsylvania Credit Union Association and the Tuscaloosa VA Federal Credit Union both have alerts on their websites as does the Open Security Foundation.

The breach at Heartland was only announced in late January and now before the end of February comes this news of another attack. The Heartland hack was believed to have been via malware and this new breach is thought to relate to online and telephone based transactions. The Tuscaloosa Credit Union’s report indicates that primary account number and expiration dates were taken from the unknown firm’s settlement system.
Reports indicate that the newest exposures occurred between February and August of last year and that while the breach is likely considerable, it is not expected to be as large as the one experienced by Heartland. Some accounts may even have fallen victim to both frauds.

Chris King, director of product marketing for Palo Alto Networks, says that if enterprises want to protect their customers they need to better manage the applications that run in their networks, not simply work to comply with PCI. He says, “Existing network security mechanisms remained clueless. So we’ve got to get a lot more proactive — without creating additional impedance for transactions.”