CardSystems Solutions

Last updated

CardSystems Solutions was a credit card processing company. [1] In June 2005, the fact that 40 million credit cards had been stolen from CardSystems was discovered. [2] [3] This led to the discoveries that CardSystems had been keeping data in unencrypted form that it was contractually obligated to delete, and that its own network was vulnerable to infiltration by hackers. [4] [5] [6] Visa and American Express subsequently dropped it as a credit card processing company. [7] [8] The data breach prompted controversy over regulation and triggered a federal investigation into the incident. [9] CardSystems was acquired by Pay By Touch. The buyout was completed on December 9, 2005. [10] All charges brought by the Federal Trade Commission against the company were settled in February 2006. [11] On March 19, 2008, Pay By Touch shut down.

At the time it was the largest computer hack in history. [12] [13] The hack would be surpassed by two different Albert Gonzalez hacks discovered in 2007 the 45.6 million cards hacked from TJX Companies, revealed in March, and the 130 million cards hacked from Heartland Payment Systems, revealed in July.

Related Research Articles

<span class="mw-page-title-main">Visa Inc.</span> American multinational financial services corporation

Visa Inc. is an American multinational payment card services corporation headquartered in San Francisco, California. It facilitates electronic funds transfers throughout the world, most commonly through Visa-branded credit cards, debit cards and prepaid cards. Visa is one of the world's most valuable companies.

<span class="mw-page-title-main">American Express</span> American multinational financial services corporation

American Express Company (Amex) is an American bank holding company and multinational financial services corporation that specializes in payment cards. It is headquartered at 200 Vesey Street, also known as American Express Tower, in the Battery Park City neighborhood of Lower Manhattan. AMEX cards are primarily categorized in the order of Green, Gold, Platinum, and Black (Centurion), with a higher rank indicating a higher priority level.

<span class="mw-page-title-main">Mastercard</span> American multinational financial services corporation

Mastercard Inc. is the second-largest payment-processing corporation worldwide. It offers a range of payment transaction processing and other related-payment services. Its headquarters are in Purchase, New York. Throughout the world, its principal business is to process payments between the banks of merchants and the card-issuing banks or credit unions of the purchasers who use the Mastercard-brand debit, credit and prepaid cards to make purchases. Mastercard has been publicly traded since 2006.

<span class="mw-page-title-main">Capital One</span> Bank holding company headquartered in McLean, Virginia

Capital One Financial Corporation is an American bank holding company specializing in credit cards, auto loans, banking, and savings accounts, headquartered in McLean, Virginia with operations primarily in the United States. It is on the list of largest banks in the United States, is the third largest issuer of Visa and Mastercard credit cards and is one of the largest car finance companies in the United States.

<span class="mw-page-title-main">TJX Companies</span> American multinational discount department store corporation

The TJX Companies, Inc. is an American multinational off-price department store corporation, headquartered in Framingham, Massachusetts. It was formed as a subsidiary of Zayre Corp. in 1987, and became the legal successor to Zayre Corp. following a company reorganization in 1989.

<span class="mw-page-title-main">Egghead Software</span> Technology company based in Bellevue WA, USA

Egghead Software was an American computer software retailer. Founded in 1984, it filed for bankruptcy in 2001 and its domain name was acquired by Amazon.com.

<span class="mw-page-title-main">TJ Maxx</span> American discount department store chain owned by TJX Companies

TJ Maxx is an American department store chain, selling at prices generally lower than other major similar stores. It has more than 1,000 stores in the United States, making it one of the largest clothing retailers in the country. TJ Maxx is the flagship chain of the TJX Companies. It sells men's, women's and children's apparel and shoes, toys, bath and beauty products, accessories, jewelry, and home products ranging from furniture and decor to housewares and kitchen utensils.

Heartland Payment Systems, Inc. is a U.S.-based payment processing and technology provider. Founded in 1997, Heartland Payment Systems' last headquarters were in Princeton, New Jersey. An acquisition by Global Payments, expected to be worth $3.8 billion or $4.3 billion was finalized on April 25, 2016.

The Payment Card Industry Data Security Standard is an information security standard used to handle credit cards from major card brands. The standard is administered by the Payment Card Industry Security Standards Council, and its use is mandated by the card brands. It was created to better control cardholder data and reduce credit card fraud. Validation of compliance is performed annually or quarterly with a method suited to the volume of transactions:

A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage and data spill. Incidents range from concerted attacks by individuals who hack for personal gain or malice, organized crime, political activists or national governments, to poorly configured system security or careless disposal of used computer equipment or data storage media. Leaked information can range from matters compromising national security, to information on actions which a government or official considers embarrassing and wants to conceal. A deliberate data breach by a person privy to the information, typically for political purposes, is more often described as a "leak".

<span class="mw-page-title-main">Credit card fraud</span> Financial crime

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.

<span class="mw-page-title-main">Credit card</span> Card for financial transactions from a line of credit

A credit card is a payment card, usually issued by a bank, allowing its users to purchase goods or services or withdraw cash on credit. Using the card thus accrues debt that has to be repaid later. Credit cards are one of the most widely used forms of payment across the world.

<span class="mw-page-title-main">Albert Gonzalez</span> American computer hacker and criminal

Albert Gonzalez is an American computer hacker, computer criminal and police informer, who is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 to 2007, the biggest such fraud in history. Gonzalez and his accomplices used SQL injection to deploy backdoors on several corporate systems in order to launch packet sniffing attacks which allowed him to steal computer data from internal corporate networks.

Identity theft involves obtaining somebody else's identifying information and using it for a criminal purpose. Most often that purpose is to commit financial fraud, such as by obtaining loans or credits in the name of the person whose identity has been stolen. Stolen identifying information might also be used for other reasons, such as to obtain identification cards or for purposes of employment by somebody not legally authorized to work in the United States.

<span class="mw-page-title-main">Carding (fraud)</span> Crime involving the trafficking of credit card data

Carding is a term describing the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass exploitation of personal data, and money laundering techniques. Modern carding sites have been described as full-service commercial entities.

BlackPOS, also known as Kaptoxa, is a point-of-sale malware program designed to be installed in a point of sale (POS) system to scrape data from debit and credit cards. BlackPOS was used in the Target Corporation data breach of 2013.

<span class="mw-page-title-main">Simplii Financial</span> Banks of Canada

Simplii Financial is a Canadian direct bank and the digital banking division of the Canadian Imperial Bank of Commerce (CIBC). It offers no-fee chequing and savings accounts, a VISA credit card, Guaranteed Investment Certificates (GICs), mortgages and mutual funds. These savings and investment products are also eligible for registration under a Tax-Free Savings Account (TFSA) or a Registered Retirement Savings Plan (RRSP).

Data breach incidences in India were the second highest globally in 2018, according to a report by digital security firm Gemalto. With over 690 million internet subscribers and growing, India has increasingly seen a rise in data breaches both in the private and public sector. This is a list of some of the biggest data breaches in the country.

References

  1. "CardSystems Solutions, Inc.: Private Company Information - Bloomberg". www.bloomberg.com. Archived from the original on 20 January 2018. Retrieved 20 January 2018.
  2. writer, By Jeanne Sahadi, CNN/Money senior. "Breach affects 40M+ credit cards - Jul. 27, 2005". money.cnn.com. Archived from the original on 4 December 2017. Retrieved 20 January 2018.{{cite web}}: |first1= has generic name (help)CS1 maint: multiple names: authors list (link)
  3. Zeller, Tom Jr. (17 June 2005). "MasterCard Says Security Breach Affects 40 Million Cards". The New York Times. Archived from the original on 20 January 2018. Retrieved 20 January 2018.
  4. "CardSystems Exposes 40 Million Identities - Schneier on Security". www.schneier.com. Archived from the original on 6 August 2016. Retrieved 20 January 2018.
  5. Dash, Eric (20 June 2005). "Lost Credit Data Improperly Kept, Company Admits". The New York Times. Archived from the original on 7 November 2017. Retrieved 20 January 2018.
  6. "CardSystems' Data Left Unsecured". WIRED. Archived from the original on 6 July 2017. Retrieved 20 January 2018.
  7. Dash, Eric (19 July 2005). "Visa to Bar Transactions by Processor". The New York Times. Archived from the original on 21 May 2016. Retrieved 20 January 2018.
  8. Dash, Eric (21 July 2005). "Chief of Card Processor Fires Back at Visa". The New York Times. Archived from the original on 8 November 2015. Retrieved 20 January 2018.
  9. Dash, Eric (8 July 2005). "CardSystems Sets Plan to Comply With Security Standards". The New York Times. Archived from the original on 29 October 2015. Retrieved 20 January 2018.
  10. Dash, Eric (17 October 2005). "Card Center Hit by Thieves Agrees to Sale". The New York Times. Archived from the original on 23 October 2015. Retrieved 20 January 2018.
  11. "CardSystems Solutions Settles FTC Charges". Federal Trade Commission. 23 February 2006. Archived from the original on 10 April 2017. Retrieved 20 January 2018.
  12. Dash, Eric; Zeller, Tom Jr. (18 June 2005). "MasterCard Says 40 Million Files Put at Risk". The New York Times. Archived from the original on 21 September 2017. Retrieved 20 January 2018.
  13. TJX data breach: At 45.6M card numbers, it's the biggest ever - Computerworld - March 29, 2007 Archived May 2, 2012, at the Wayback Machine


This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.