MasterCard’s and Visa’s sites were partially knocked out Wednesday (Dec. 8), ostensibly by aggrieved supporters of WikiLeaks, which MasterCard recently cut off from its network. MasterCard made no reference to a denial-of-service attack, only indicating that it was “experiencing heavy traffic on its external corporate Web site—MasterCard.com. We are working to restore normal speed of service.” It then added: “There is no impact whatsoever on our cardholders’ ability to use their cards for secure transactions.” A later MasterCard statement said: “Our core processing capabilities have not been compromised and cardholder account data has not been placed at risk. While we have seen limited interruption in some Web-based services, cardholders can continue to use their cards for secure transactions globally.”
Hmmmm. “Limited interruption in some Web-based services?” When MasterCard said that its “core processing capabilities have not been compromised,” is that indicating other processing capabilities were affected? If neither MasterCard nor Visa can fully protect it site against a highly predictable consumer attack, how would the sites fare under a full-scale well-financed terrorist hit? Both brands make much of their highly robust systems. Although there’s no initial reason to suspect that the payment-processing network itself was impacted, this attack certainly doesn’t fill retailers with abundant confidence.