Citi re-issues cards following merchant breach

Citigroup has started sending replacement credit cards to customers whose accounts may have been compromised in the massive Heartland Payment Systems breach, the Associated Press reports.

The new cards were mailed with a notice labelled 'Important Security Message' that explains the "account number may have been illegally obtained as a result of a merchant database compromise and could be at risk for unauthorised use".

Citi - which has more than 150 million credit card accounts worldwide - has not confirmed the merchant database involved and has declined to reveal the total number of payment cards re-issued.

Hundreds of banks across the US have said their customers were involved in the Heartland breach. While some have begun to issue replacement cards, others have said they are monitoring their systems for unusual activity to detect fraud.

Police made their first arrests in the case last week, when three Florida-based men were apprehended after using stolen credit card numbers to make fraudulent purchases at local Wal-Mart stores.

The men are alleged to have been using the purloined numbers to electronically encode Visa Gift Cards which were then used to make fraudulent purchases at local businesses.

Meanwhile, rumours are circulating of another breach at an unknown payments processor. MasterCard and Visa are believed to have been circulating warnings to member banks about the attack, which is understood to have mirrored the Heartland break-in, where fraudsters planted malware on the company's servers to sniff out account numbers, PAN, and expiration dates.

A statement issued by the Community Bankers Association of Illinois says: "Visa announced that an unnamed processor recently reported that it discovered a data breach. The processor's name has been withheld pending completion of the forensic investigation".

Comments: (1)

A Finextra member, 24 February, 2009, 02:19

The real problem is the ridiculous number on a card based system. A dumb approach, destined to fail every time.

Just using such a system which requires new cards to be issued every time there is a breach really shows how clueless the operators of such schemes are. One would have thought they would have realised after the first few dozen times. Clearly there is a shortage of intellect in management.

Perhaps the outcome would be different if the decision-makers had their salary linked to losses.