AOH :: IS1533.HTM

RBS WorldPay Breach Rings Alarm Bells About Acquirer Security




RBS WorldPay Breach Rings Alarm Bells About Acquirer Security
RBS WorldPay Breach Rings Alarm Bells About Acquirer Security



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-725717663-1230539042=:10946
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://www.digitaltransactions.net/newsstory.cfm?newsid=2025 

Digital Transactions News
December 23, 2008

The latest data-breach battleground has shifted to merchant-acquiring 
and prepaid card territory. Atlanta-based RBS WorldPay, a big acquirer 
owned by the Royal Bank of Scotland Group that also provides prepaid 
card programs, late Tuesday afternoon reported a breach of its computer 
system that may have compromised personal information on about 1.5 
million cardholders, including the Social Security numbers of 1.1 
million consumers.

The data leak affected prepaid cardholders =E2=80=9Cand other individuals,=E2=80=9D RBS 
said in a news release, but the company didn=E2=80=99t give a breakdown other 
than to say the cardholders held payroll and open-loop gift cards. 
=E2=80=9CPersonal information associated with certain payroll cards may have 
been improperly accessed,=E2=80=9D the release says. =E2=80=9CPINs for all PIN-enabled 
cards have been or are being reset.=E2=80=9D Actual fraud to date involves only 
100 cards. The company did not give a loss figure.

Formerly known as RBS Lynk, RBS WorldPay said it discovered the breach 
Nov. 10 and notified law-enforcement agencies and banking regulators 
=E2=80=9Cshortly thereafter,=E2=80=9D according the release. But the company didn=E2=80=99t say 
why it waited until Dec. 23 to report the breach publicly. Spokespersons 
did not return calls from Digital Transactions News. Nor did the news 
release say how the breach happened or when it began. =E2=80=9CRBS WorldPay has 
urgently taken a number of important steps to mitigate risk in response 
to this situation,=E2=80=9D the release says without giving details. RBS 
WorldPay said it has notified affected cardholders and posted 
information on its Web site.

This latest breach represents yet another worrisome development in the 
payment card industry=E2=80=99s unending war with computer intruders. While most 
of the attention in the past two years has focused on retailers=E2=80=99 lapses 
in securing credit and debit card data, the RBS WorldPay breach serves 
as a reminder of how hackers can penetrate the computer systems of a 
major acquirer and processor. =E2=80=9CIt=E2=80=99s very bad news,=E2=80=9D says Avivah Litan, a 
technology and security analyst with Stamford, Conn.-based Gartner Inc. 
She notes that unlike retailers=E2=80=99 computer systems, processors=E2=80=99 systems 
connect directly to the networks of Visa Inc. and MasterCard Inc. =E2=80=9CAn 
attacker that breaks into a processor conceivably can get into the heart 
of the system,=E2=80=9D she says, adding that a fraud-intelligence executive at 
a Gartner client company recently told her that attacks on acquirers and 
processors are increasing.

[...]


--1457021584-725717663-1230539042=:10946
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________      
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html 

--1457021584-725717663-1230539042=:10946--

Site design & layout copyright © 1986-2014 CodeGods