This is page 2 of:
Card Processor Hit In A $40 Million Breach. Was It Yours?
Certainly if a retailer was hit by this deep a breach, Visa (NYSE:V) and MasterCard would assume that every card number passing through the system had been compromised. Retailers are now starting to take that worst-case position too: When regional grocery chain Schnucks was hit with a three-month breach that involved malware sniffing the connection to its card processor, the retailer said as many as 2.4 million card numbers were compromised. They might not all have been stolen, but they were all at risk.
It’s not clear what action the card brands might take against EnStage. However, another Indian processor that was breached in December by the same defendants, ElectraCard Systems, suggested in statements over the weekend that its PCI certification had been revoked after a $5 million theft. The EnStage breach resulted in a $40 million theft.
Although the thefts don’t directly affect any retailers, the fact that it’s difficult to get clear answers about the processors—or even their names, if we have to depend on prosecutors—makes it much harder to gauge the breaches’ impact. For example, EnStage offers merchant acquirer services for prepaid debit cards. However, it apparently does this as an outsourcer for merchant acquirers that want to offload the handling of those cards to a third party. As a result, there’s no easy way to tell how many retailers’ processing might be in EnStage’s hands.
Two things are clear from this breach scenario. One is that card processing is increasingly outside the control of merchants. You think you know who’s doing the work, but that may not be the case if your processor has outsourced it to someone else. (Customers, of course, will still blame the retailer who handled the card if anything goes wrong. That’s the only face a customer sees.)
That being the case—since you literally don’t know who’s in the processing chain—getting set up for the EMV liability shift as soon as possible seems like a really good idea. Without that shift, when there’s a breach you’ll be presumed guilty until you prove yourself innocent (and just because a processor’s outsourcer had a breach doesn’t mean you won’t get a hard time from the card brands).
But with the shift, you’ll start out with the presumption that it’s somebody else’s fault. As the processing business becomes increasingly a black box, where merchants have no idea whose systems card data may be passing through, shifting financial liability to someone else in the payments chain looks increasingly attractive.