Credit card processor admits faults

updated 7:53 p.m. ET June 20, 2005

NEW YORK - The head of the credit card processing company whose computer system was breached by hackers, exposing millions of credit card accounts, has acknowledged that his firm should not have been keeping the consumer records in the first place.

The official, John Perry, chief executive of Atlanta-based CardSystems Solutions Inc., said that the records known to have been stolen covered roughly 200,000 of the 40 million compromised credit card accounts, from Visa, MasterCard, and other companies.

He said the data was being stored for “research purposes” to determine why some transactions had registered as unauthorized or uncompleted. “We should not have been doing that,” Perry said in Monday’s editions of The New York Times.

Under rules established by Visa and MasterCard, processors cannot retain cardholder information after handling transactions.

“CardSystems provides services and is supposed to pass that information on to the banks and not keep it,” Joshua Peirez, a MasterCard official, told the Times. “They were keeping it.”

The security breach was first reported Friday when MasterCard International Inc. said computer hackers may have accessed more than 40 million credit card accounts. About 13.9 million were from MasterCard accounts.

MORE FROM SECURITY

Security Section Front

Gmail 'Mail Goggles' stymie drunk e-mailing Fraud plagues prepaid calling card market GPS 'spoofing' could threaten national security Chinese snoop on Skype, but are they alone? Outsourcing aids many data thefts, Verizon says Poker pro suspected in online cheating scheme Victim uses remote logon to nab laptop thief Full encryption stops Amazon Web video leak Media, tech companies unite to fight piracy Hole in Adobe software allows access to movies Security Section Front   Add Security headlines to your news reader: