Card companies, U.S. banks hit by security breach

(MoneyWatch) NEW YORK — Card-payment processors and U.S. banks are investigating a data-security breach after third-party service provider Global Payments Inc. (GPN) announced in a statement on its website Friday that it has confirmed unauthorized access into its payment-processing system, and card information may have been compromised.

Reuters reported that MasterCard Inc. (MA), Visa Inc. (V), American Express Co. (AXP) and Discover Financial Services (DFS) were hit by the breach, though it was not immediately clear how many cardholders were affected.

MasterCard announced earlier Friday that it was investigating whether cardholder account data was improperly accessed. The payments company said it has alerted law enforcement authorities and notified card issuers about the potential breach of cardholders' account information.

"The incident is currently the subject of an ongoing forensic review by an independent data-security organization," a MasterCard spokesman said in the statement. "MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced, and we continue to both monitor this event and take steps to safeguard account information."

Visa said in a statement Friday that it was "aware of a potential data compromise incident at a third-party entity affecting card account information from all major card brands." The company emphasized that there had been no breach of any Visa system, "including its core processing network VisaNet."

"Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards," the company said.

Both MasterCard and Visa stressed that cardholders are not held responsible for any fraudulent charge made on their cards.

A blog, Krebs on Security, reported Friday that MasterCard and Visa started warning banks about the breach late last week. Citing financial industry sources, the blog said more than 10 million card numbers may have been exposed. The breach reportedly took place between Jan. 21, 2012, and Feb. 25, 2012, and involved data that could be used to counterfeit cards, according to Krebs on Security.

Global Payments helps card companies processes electronic transactions for merchants. Trading of Global Payments' shares was halted Friday after a report linked the company to the data breach. The stock was down 9.1 percent when trading was stopped.