MasterCard Identifies Security Breach at CardSystems Solutions

Through the use of MasterCard fraud-fighting tools that proactively monitor for fraud, MasterCard was able to identify the processor that was breached. Working with all parties, including issuing banks, acquiring banks, the processor and law enforcement, MasterCard immediately launched an investigation into the breach, and worked with CardSystems to remediate the security vulnerabilities in the processor's systems. These vulnerabilities allowed an unauthorized individual to infiltrate their network and access the cardholder data.

CardSystems has already taken steps to improve the security of its system. However, MasterCard is giving it a limited amount of time to demonstrate compliance with MasterCard security requirements.

Importantly, in keeping with its standards that focus on consumer protection and the safeguarding of sensitive information, MasterCard immediately notified its customer banks of specific card accounts that may have been subject to compromise so they can take the appropriate measures to protect their cardholders.

In the event of a cardholder data breach, MasterCard always takes this precaution regardless of whether there is any indication that fraud has resulted and whether or not there has been a final determination that a security breach has or has not occurred. Upon receiving notice from MasterCard, banks are able to take the appropriate steps to protect their cardholders from potential fraud. No highly sensitive information, such as social security numbers or dates of birth or the like, are stored on MasterCard cards.

Consumers have strong protection if unauthorized charges are made on their MasterCard cards. In the U.S., MasterCard cardholders are protected by MasterCard's Zero Liability policy for unauthorized transactions on their accounts. If MasterCard cardholders have any reason to believe that their cards were used fraudulently, they should contact their issuing bank.