800 Visa cards blocked

[InfoSec News <isn () c4i org>]

http://www.timesdispatch.com/business/MGB6S1MMEFD.html

BY CAROL HAZARD
TIMES-DISPATCH STAFF WRITER 
May 07, 2003
 
Stuck without a debit or credit card?

Someone hacked into a merchant's computer system, compromising
information on cards and leaving some bank and credit-union customers
without use of cards with the Visa logo.

Virginia Credit Union responded by blocking the use of 800 Visa cards,
canceling the accounts and issuing new account numbers and cards. New
cards should arrive in the mail this week.
 
"The compromise occurred as a result of an intrusion into a merchant's
data system and was not related to Virginia Credit Union or our card
processor," the credit union wrote to members in a letter dated April
30.

"The intrusion does not, in and of it- self, mean that these cards
will be involved in fraudulent activity, but it is possible. No
fraudulent activity has occurred to date."

Jean Holman, senior vice president at the credit union, said yesterday
that some of the closed accounts were debit cards and others were
credit cards, depending on which cards were used at the merchant.  
Holman said she does not know who the merchant is.

The credit union has 131,000 debit and credit cards, most carrying the
Visa logo, so the percentage affected was relatively small. However,
several financial institutions were apparently dealing with the same
mishap.

"It is important for U.S. cardholders to know they are fully protected
by Visa's zero-liability policy, which means they pay nothing for an
unauthorized purchase," Visa said in a statement regarding the
infraction.

"We are currently working with law enforcement and our member
financial institutions in this matter to ensure the protection of our
cardholders." Visa declined to say how many institutions or
cardholders were affected.

A similar incident occurred earlier this year. While this situation
involves a merchant, the one in February had to do with a third-party
processor. In that case, computer criminals gained access to details
of 10.2 million Visa, MasterCard, American Express and Discover credit
cards.

Visa introduced new security measures to protect against card fraud
and identity theft as a result of the February incident at Data
Processor International. It also levied "substantial" fines against
the company for the security breach but declined to say how much the
fine was.

John Hall, spokesman for the American Bankers Association, said he did
not THEFTwant to minimize the consumer hassle in dealing with card
fraud. However, consumers are not liable for card fraud, he said.

People need to guard their account numbers, check their statements for
unauthorized transactions and immediately report any unauthorized
transactions to their financial institutions, Hall said.

Losses from debit-card fraud totaled $157.1 million in 2001 (the most
recent year available), compared with check fraud of $693 million in
the same year, according to the American Bankers Association.

Holman said the Virginia Credit Union, in addition to writing letters,
called all 800 affected customers to inform them of the intrusion. She
said people were grateful for the notice.

Special arrangements were made for those who needed immediate use of
their cards, she said.

Contact Carol Hazard at (804) 775-8023 or chazard () timesdispatch com



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.