In 2005, a credit card giant was brought down by a massive security breach. It was said that at least 68,000 MasterCard account numbers were taken from the CardSystems database and that approximately 40 million cards of various brands were exposed. Since this breach, we have implemented PCI DSS and have come a long way in fighting these types of security breaches…or so we thought.
On Tuesday January 20th, 2009 Heartland Payment Systems, a New Jersey based payment processor, disclosed that they had been hacked. Heartland Payment Systems processes about 100 million transactions a month for over 250,000 merchants. Although Heartland has not released numbers on how many card numbers have been compromised, it has been said that this breach will set a historic record. A breach of this magnitude will no doubt create a surge in fraudulent transactions all across a wide range of ecommerce sites and affect online purchases for a long time.
If you are an online business owner, be prepared for a rise in chargebacks and declined transactions. It is now more important than ever to have systems in place to monitor fraudulent activity. Implementing alert systems that detect a fraudulent transaction before they go through is a way to stay one step ahead. Another is to make sure you require AVS and CVV2 confirmations on your online orders. Most importantly, have clear purchase terms and conditions on your site.
Only Heartland and the U.S. Secret Service will know the true extent of the security breach, but I am sure that we will all feel it in one way or another. If you are worried you are a card holder who may have been compromised, immediately notify your bank and have a new card issued. Contact all three credit bureaus and put an alert on your account.