Global Breach Date Now Jan. 2011 Visa, MasterCard Offer Revised Timeline

Visa and MasterCard issued new alerts on May 15 that suggest the breach at payments processor Global Payments Inc. dates back to January 2011 - an exposure window significantly longer than what was originally reported when news of the breach surfaced in late March.

See Also: Cyber Weapons of 2015: Know Your Enemy (Because They Know You)

Two card issuers have confirmed the updated advisories push the breach date back to Jan. 30, 2011. Visa's alerts in March indicated the breach occurred sometime between Jan. 21, 2012, and Feb. 25, 2012. On April 26, an updated advisory from Visa put the suspected intrusion date closer to June 7, 2011. (See Global Breach: Did It Start in 2011?)

Global has maintained that it notified the affected card brands in early March as soon as it identified the breach. But Global has offered no precise information about the breach timeline and indicated on May 14 that it had no comment beyond what was already posted on its website.

Late last week, some sources said the Global breach may have exposed 7 million debit and credit accounts - a significant increase from the 1.5 million Global reported during its April 1 press conference/investors call. (See Is Global's Breach Growing?)

The Wall Street Journal and Brian Krebs, the blogger who broke the breach news, reported the increased card exposure figure, based on information they'd gathered from sources close to the case.

According to Krebs' most recent blog, Union Savings Bank in Connecticut linked debit fraud to a café at a nearby private school. After the bank determined the school was a Global customer, it contacted Visa.

Connecting the Fraud

But connecting fraud links has proven challenging for most card issuers. As the possible exposure window widens, it will get even more challenging.

"January 2011 is what both networks are telling issuers," one affected issuer tells BankInfoSecurity. "Clearly, this is a significant increase, but I have no idea if it makes the grand total 7 million. I can tell you that since these populations are so old, most of the fraud has already been incurred."

Earlier this month, just after Visa and MasterCard issued updated advisories, an executive at another issuer said the expanded timeframe, then thought to go back only to June 2011, had increased the institution's compromised card total by about 50 percent. Now, as a result of the latest alerts, the exposed card pool at this issuer totals about 2,000 accounts.

"We are running the numbers now, but it looks like most of our fraud from the segment was spring 2011," the executive at this issuing institution says.

The fraud the issuer has seen so far has been linked to credit, not debit, accounts, and has primarily been connected to overseas transactions, he adds.

Global's Impact on Issuers

Both issuers say the updated advisories are unquestionably linked to the Global breach. Advisories or alerts from the card brands reference codes. All of the compromises linked to Global have a common code. "These last night were coded the same as the other previous Global populations," one issuer says.

Issuing institutions can expect potential fraud that spans a much greater period of time on a continually expanding number of credit and debit accounts, says Avivah Litan, a fraud analyst at Gartner and one of the first experts to comment about the breach.

"It is highly likely that more than 1.5 million cards were compromised, and that the ramifications for the issuing banks are much larger than indicated by the CEO of Global," she says. "In other words, there is likely to be continuing and significant fraud-attempt activity against the issuing banks."


About the Author

Tracy Kitten

Tracy Kitten

Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 18 years' experience, Kitten has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network