(
)
Better be careful — your credit card could be taking you for a very expensive ride.
Up to 10 million Visa and MasterCard credit cards may have had their data stolen in a massive security breach linked to a New York City parking-garage or taxicab company, it was revealed yesterday.
“That volume of cards, that’s significant,” a federal law-enforcement source told The Post about the embarrassing breach, which occurred at a company that processes credit-card transactions for merchants, including parking-garage operators and taxi companies in New York.
The theft has sparked a US Secret Service probe and led Visa and MasterCard to warn banks that issued the cards that carry those two companies’ logos.
The type of data swiped by the unknown thieves could be used to make phony cards, according to the Web blog Krebs on Security, which first revealed the cyber-theft.
The online heist is believed to have occurred between late January and late February.
“Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area,” Brian Krebs’ site reported.
Avivah Litan, a financial-fraud analyst with the research firm Gartner, wrote on her blog, “From what I hear, the breach involves a taxi and parking-garage company in the New York City area.”
“So, if you’ve paid a NYC cab in the last few months with your credit or debit card, be sure to check your card statements for possible fraud,” Litan wrote.
However, sources told The Post that investigators believe the thieves logged into the processing company’s system by using client access codes stolen from a parking-garage or taxi company in New York City that has a contract with the processor.
Once inside the processing company’s computers, the thieves were able to steal credit-card information on file there — and those cards were not necessarily used in past transactions at any New York business, taxi, garage or otherwise.
Even if the theft is related to cards used in parking garages and cabs, the card information itself was stolen from a leading processor of charges for merchants and other companies.
The company, Global Payments, said “it identified and self-reported unauthorized access into a portion of its processing system.”
“In early March 2012, the company determined card data may have been accessed,” Global Payments said.
“It immediately engaged external experts in information-technology forensics and contacted federal law enforcement.”
It is not known how many of the affected cards were copied by the thieves — or how many of those copies of cards were used to make fraudulent purchases.
Krebs reported that the online financial service PSCU has identified 56,455 credit cards issued by nearly 500 credit unions that were compromised by the breach.
HOW THE SCAM UNFOLDED:
* Thieves gained unauthorized access to credit-card processing system at Global Payments, which discovers breach early this month
* Up to 10 million Visa and MasterCard credit cards’ data — which can be used to create counterfeit cards — may have been accessed by thieves from Global Payments network
* US Secret Service opens investigation of theft
* Probe finds some of the cards have a common link: payments to New York City and area parking garages and for cab fares
* Visa and MasterCard alert banks that issued cards
* Unknown number of accessed credit-card accounts are used to make fraudulent purchases
* Visa and MasterCard “zero liability” policies mean card-holders not obligated to pay for fraudulent purchases