Visa has nixed Global Payments from its credit card processing provider list after the firm reported that 1.5 million credit card files were compromised in a
breach -- at least for now. Global Payments has yet to reveal the root of the breach.
We caught up with Neil Roiter, research director at Corero Network Security, to get his take on the ongoing saga even as Global Payments remains tight-lipped about the open door. So far, Global Payments has stated only that the attack was "contained" and confirmed that about 1.5 million records were compromised.
"Global Payments was clearly vulnerable, and other processing companies likely are as well," Roiter said. "They all need to review continuously the security policies, practices and technology controls they have in place, including but not limited to encryption, access controls and authentication."
A Self-Detected Breach
Geoff Webb, director at Credant Technologies, told us he considered it interesting that the security breach was self-detected. That's because in the majority of breaches, the actual breached party finds out from a third party.
In this case Global Payments spotted the breach on its own, which Webb said would imply that the credit card processor has both monitoring tools in place and policies that enable it to use the information gathered and to respond appropriately. While Global Payments is getting plenty of criticism, Webb said this self-detection actually speaks well of the firm's security preparedness.
"Only a small number of servers were breached -- and it would seem these were used to handle North American card transactions, hence the limit of the breach to North American cards. This is not unusual," Webb said.
"Attackers will identify servers with weaknesses -- such as being left with default vendor-supplied service accounts -- and use those to gain access to the network. They will then watch for, and copy, unencrypted card information as it moves across the processors network. They'll often use some customer-designed to do this, as we've seen before in other breaches."
What Global Payments Did Right
Global Payments went to the federal authorities early, within hours of the breach being detected. For this the credit card processor is being recognized in a positive light. Any organization breached in this way needs to move quickly to contact the federal government, Webb said, and then they should wait for guidance.
"The worst thing they could do is to shut down their systems and, as a result, warn the thieves that the breach has been spotted -- who then immediately begin to cover their tracks," Webb said. "Far better to allow the investigators an opportunity to look at the breached systems and gather as much information as possible -- huge amounts of forensic data can be lost by shutting down a breached system in a panicked response to identifying a breach."