Two Australian banks discovered the problem, but credit card companies declined to investigate at the time.
The revelation that 40 million credit cards were exposed to theft via a third-party payment processor, which violated industry rules by keeping those credit card details, took another turn today.
National Australia Bank and Australia and New Zealand (ANZ) Bank found indications of the problem in December and January, respectively, and contacted the credit card companies about the problem, according to the Sydney Morning Herald.
The credit card companies apparently declined to investigate until evidence from other countries grew so great that they were forced to act.
Tim Morris, MasterCard’s vice-president of security for the Asia-Pacific region, said CardSystems was traced as the site of the original breach “as time moved on and other reports from around the globe reached similar conclusions”.
“You need to be pretty certain, because the consequences of falsely accusing someone could be catastrophic to their business,” he said in the SMH article.
Unfortunately for the millions of consumers affected by the problem, the credit card companies’ lackadaisical approach let third-party processor CardSystems of Atlanta and Tucson continue to amass millions of credit card numbers, names, and expiration dates.
That practice, admitted to by CardSystems CEO John Perry in a New York Times article, gave criminal hackers a grand prize to reward their exploit of a vulnerability in CardSystems network.
CardSystems claims their reason for the unauthorized retaining of credit card information was for research purposes.
“CardSystems provides services and is supposed to pass that information on to the banks and not keep it,” said Joshua Peirez, a MasterCard senior vice president. “They were keeping it.”
Jessica Antle, a MasterCard spokeswoman, said that CardSystems had never demonstrated compliance with MasterCard’s standards. “They were in violation of our rules,” she said.
David Utter is a staff writer for Murdok covering technology and business. Email him here.
