Microsoft Software to Blame for the CardSystems Solutions Data Security Breach?

The cyber break-in at CardSystems Solutions that exposed more than 40 million credit card accounts to fraud is thought to have been possible because of software security vulnerabilities.


The latest and largest database hack at a credit card processing company has affected 40 million Visa and MasterCard accounts, while 200,000 records have been stolen, according to a previous report.

People are asked not to panic, as officials have announced that only a small percentage of consumers might have been affected by fraud.

The cyber break-in at CardSystems Solutions, which handles more than $15bn in card transactions annually, is the subject of an official investigation.

According to a MasterCard International spokesman, the data security breach at the Tucson-based credit card processing company could have happened because of software security vulnerabilities cleverly exploited by the intruders, who had managed to install a rogue program on its network to capture credit data.

The CardSystems Solutions website, which has several Microsoft-based set-ups, runs on Microsoft's Windows 2000 operating system and IIS Server 5.0.

Cybertrust experts leading the investigations have discovered that the Atlanta-based payment processor did not even meet MasterCard's security regulations, as CardSystems appears to have stored transaction data in unencrypted form and to have kept records that should have been discarded.

"Information travels through the credit system and stops in so many places where it could be illegally used that consumers have no idea what a hodgepodge of a system the credit-card companies have created," detailed Edmund Mierzwinski, consumer program director at U.S. Public Interest Research Group, on the way that credit card processing companies handle their daily transactions.

The intruders behind this data breach scandal might have access to names, account numbers and verification codes that could be used to commit fraud.

Social security numbers, addresses and dates of birth were not the subject of the theft, which exposed brands like American Express and Discover but, more importantly, about 22 million Visa and 13.9 million MasterCard accounts.


By    21 Jun 2005, 08:58 GMT