The two global credit card giants, Visa and MasterCard, depend on Heartland for processing their cards. The company processes more than 100 million transactions per month for over 250,000 customers. Sometime in the latter part of last year, unidentified hackers broke into its systems. They didn’t look for data such as customers’ addresses or contact details. Rather, they stole the data that would enable them to create duplicates of, hold your breath, up to 100 million credit cards.
The company noticed the fraud after receiving some complaints from Visa and MasterCard. Further investigation revealed what is claimed to be the biggest data breach in history.
So far, 500 financial institutions have been recorded as affected by the breach. Also, as the breach came to light, allegations of forgery started pouring in from all over the world.
In another interesting development, three men were arrested in New Jersey on multiple charges of credit card fraud, and some of the card numbers they allegedly used are tied to the Heartland hack. They have been using those cards since last November. Are they the culprits? Or are they just pawns in this game? Only time will tell.
Law enforcement is currently investigating how those three men were able to obtain credit card numbers from the Heartland breach in November, given that the breach was first announced on January 20. Does that mean that the actual breach happened long before the announcement?
While the investigations try to find out what actually happened, we should also ponder how something like this can be avoided in the future. Let’s understand the core problem.
Most financial services organizations outsource a significant part of their data processing to vendors, often on different continents. While this provides commercial benefits, there is an ever-looming security concern. Many processes are adopted and imposed to ensure that data breaches do not occur, but the fact of the matter is that leakages happen. The reason is simple: the company that provides or generates the raw data for processing does not have control over it when it is used halfway across the globe! We discussed this in one of our earlier blog posts, "Security concern while outsourcing".
What’s needed is a way to ensure that security on the outsourced data travels with it, no matter where the data is! So ideally, while Heartland was processing its customers’ data, there should have been controls on the data mandating that it can be used only on Heartland-authorized machines and applications. Also, after Heartland completed the processing, the raw data should have become unusable! Thus, even if the data was hacked into, no one would have been able to use it!
Is that possible? You know the answer: of course it is! Read here about InfoSource, which helps organizations outsource data with the confidence that it is being used only by the authorized vendor and only for the purpose for which it was outsourced!
2 comments:
Thank you for sharing this information on the importance of practicing data security measures.
Pleasure!