By Mike Lennon on December 09, 2014
Electronic payment gateway solutions provider CHARGE Anywhere, LLC said on Tuesday that an attack against its network resulted in hackers gaining access to payment card data for transactions processed through many merchants.
The hackers breached the systems and had the ability to capture data as early as November 5, 2009, CHARGE Anywhere said, using malware that had not been previously detected by any anti-virus program.
CHARGE Anywhere offers solutions that route payment transactions from merchants' point-of-sale systems to their payment processors. Customers include large enterprises, developers, and independent sales organizations (ISOs).
The company did not disclose how many merchants may be affected as a result of the breach, and did not immediately respond to a request by SecurityWeek for additional information.
CHARGE Anywhere, listed as a PCI-DSS Level 1 Service Provider with numerous other certifications, said attackers potentially accessed data including cardholder names, account numbers, expiration dates, and verification codes.
The company said that it conducted an investigation after being asked to investigate fraudulent charges that appeared on cards that had been legitimately used at certain merchants.
full article
Hackers Breached Payment Solutions Provider CHARGE Anywhere: Numerous Merchants Affected
Userlevel 7
9th December 2014
Charge Anywhere LLC, a mobile payments provider, today disclosed that malicious software planted on its networks may have jeopardized credit card data from transactions the company handled between November 2009 and September 2014.
http://krebsonsecurity.com/wp-content/uploads/2014/12/chargeanywhere.png
In a statement released today, the South Plainfield, N.J. electronic payment provider said it launched investigation after receiving complaints about fraudulent charges on cards that had been legitimately used at certain merchants. The information stolen includes the customer name, card number, expiration date and verification code.
Full Article: http://krebsonsecurity.com/2014/12/unencrypted-data-lets-thieves-charge-anywhere/
Charge Anywhere LLC, a mobile payments provider, today disclosed that malicious software planted on its networks may have jeopardized credit card data from transactions the company handled between November 2009 and September 2014.
http://krebsonsecurity.com/wp-content/uploads/2014/12/chargeanywhere.png
In a statement released today, the South Plainfield, N.J. electronic payment provider said it launched investigation after receiving complaints about fraudulent charges on cards that had been legitimately used at certain merchants. The information stolen includes the customer name, card number, expiration date and verification code.
Full Article: http://krebsonsecurity.com/2014/12/unencrypted-data-lets-thieves-charge-anywhere/
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.