The credit and debit card information of about 15,700 Western Union customers who used the company’s Web site to transfer money has been stolen by hackers, officials for the company confirmed Monday.
“We’ve determined there was a security breach,” Western Union spokesperson Peter Zivertz told the E-Commerce Times, “and we believe the credit and debit card information has been copied by a third party.”
Secret Service Contacted
According to U.S. government officials, Western Union has referred the matter to the Secret Service, which handles probes involving credit card fraud.
“We’ve been in communication with Western Union,” Secret Service spokesperson Jim Mackin told the E-Commerce Times. Mackin added that while a case has yet to be formally opened, one could be opened later in the week.
“This is not unusual,” Mackin said. “Someone will make a notification and then we will look into it.”
Human, not Computer Error
The problem was discovered during an “internal audit,” Zivertz said. He attributed the reason for the breach to human error, “not an inherent architectural flaw.” Employees conducting routine maintenance of its systems left some parts unprotected.
Western Union officials also said that they do not believe systems workers were complicit in the security breach, which was first detected on Friday, and they have not taken any disciplinary action.
Western Union began notifying affected customers via telephone and e-mail over the weekend. Visa International and MasterCard International were also informed which of their cardholders had their data copied and have begun monitoring their accounts.
“At this point, no fraudulent actions have been consummated that we are aware of,” Zivertz said.
Disposable Credit Card Solution?
A subsidiary of Atlanta, Georgia-based First Data Corp., Western Union shut down its Web site over the weekend. A notice on the main page informs users that it is temporarily out of service and lists a phone number to contact for agent information.
The Internet arm of the money-transfer service began in June, and also allows customers to submit applications for loans and locate Western Union branches. Customers utilizing those services were not affected.
Company officials say its Web operation is only responsible for a minuscule portion of its total transactions, which topped 73 million last year.
The cracking of Western Union’s site comes on the heels of a bid by American Express to ease growing consumer concerns about online security and cut down on credit card fraud. Last Thursday, the financial services giant announced it will offer disposable credit card numbers for purchases made over the Internet.
Tougher Policy Almost in Place
Earlier this year, the U.S. Sentencing Commission (USSC) sent stricter punishment guidelines to Congress for people who use the Internet to steal credit cards, distribute pirated copies of copyrighted material or solicit sex with minors. The guidelines for credit card theft were scheduled to take effect November 1st.
Congress had mandated that the USSC recommend new guidelines that would conform with legislation designed to get tough on Internet and computer-related crime. Judges are required to follow the new guidelines unless there is a compelling legal reason not to.