Payment Card Gateway Provider Hacked — FIve Years Ago

The latest retail breach is not a retailer, per se, but itEUs in the ballpark. Charge Anywhere, a company that provides electronic payment gateway solutions to retailers and other merchants, is reporting that criminals infiltrated its system five years ago, putting unencrypted payment card data at risk.

Although the firm assures maintaining the security of payment card data it holds is an absolute priority and has apologized for the incident, it seems breaching the data was also the cybercriminalEUs priority -- and the criminal won the security match.

EUUnfortunately, criminals have become good at evading security measures to steal payment card data from retailers and their service providers,EU the company said in a statement. EUCharge Anywhere recently uncovered a sophisticated attack against its network. The attack has been completely shut down and fully investigated.EU

What Was Leaked?

Charge AnywhereEUs investigation turned up malware that anti-virus programs had not previously detected. The company hired a computer security firm to investigate how the malware was used and to help beef up its network security measures.

EUThe investigation revealed that an unauthorized person initially gained access to the network and installed sophisticated malware that was then used to create the ability to capture segments of outbound network traffic. Much of the outbound traffic was encrypted,EU the firm explained.

EUHowever, the format and method of connection for certain outbound messages enabled the unauthorized person to capture and ultimately then gain access to plain text payment card transaction authorization requests EU Although we only found evidence of actual network traffic capture for this short time frame, the unauthorized person had the ability to capture network traffic as early as November 5, 2009.EU

Leaked data may include a cardholder's name and account number, as well as the card's expiration date, and verification code. Payment cards used at these merchants between November 5, 2009...

Comments are closed.

Payment Card Gateway Provider Hacked — FIve Years Ago

The latest retail breach is not a retailer, per se, but itEUs in the ballpark. Charge Anywhere, a company that provides electronic payment gateway solutions to retailers and other merchants, is reporting that criminals infiltrated its system five years ago, putting unencrypted payment card data at risk.

Although the firm assures maintaining the security of payment card data it holds is an absolute priority and has apologized for the incident, it seems breaching the data was also the cybercriminalEUs priority -- and the criminal won the security match.

EUUnfortunately, criminals have become good at evading security measures to steal payment card data from retailers and their service providers,EU the company said in a statement. EUCharge Anywhere recently uncovered a sophisticated attack against its network. The attack has been completely shut down and fully investigated.EU

What Was Leaked?

Charge AnywhereEUs investigation turned up malware that anti-virus programs had not previously detected. The company hired a computer security firm to investigate how the malware was used and to help beef up its network security measures.

EUThe investigation revealed that an unauthorized person initially gained access to the network and installed sophisticated malware that was then used to create the ability to capture segments of outbound network traffic. Much of the outbound traffic was encrypted,EU the firm explained.

EUHowever, the format and method of connection for certain outbound messages enabled the unauthorized person to capture and ultimately then gain access to plain text payment card transaction authorization requests EU Although we only found evidence of actual network traffic capture for this short time frame, the unauthorized person had the ability to capture network traffic as early as November 5, 2009.EU

Leaked data may include a cardholder's name and account number, as well as the card's expiration date, and verification code. Payment cards used at these merchants between November 5, 2009...

Comments are closed.