By Andy McCue, 27 April 2006 17:40
NEWS
Morgan Stanley customers in the UK are the latest to have been hit by a major security breach that has resulted in thousands of MasterCard credit card details being stolen by fraudsters.
silicon.com yesterday exclusively revealed how at least 2,000 MasterCard holders have had their credit card details compromised.
MasterCard notified card issuers of the breach last week and they have been calling affected customers to cancel their cards, close accounts and issue new cards and details.
The Clydesdale Bank is one of the issuers that has already admited its customers were affected and now silicon.com can reveal Morgan Stanley credit card holders have also been hit by the fraud.
One Morgan Stanley customer who contacted silicon.com said: "I was told it was because of advice of a security breach from MasterCard. When I asked what the suspicious activity was I was told that MasterCard was not giving details 'because it would be damaging to its reputation'."
A Morgan Stanley spokeswoman told silicon.com: "The breach is something that has affected lots of issuers not just us. MasterCard informed Morgan Stanley [about the breach] and we are taking action to contact all cardholders affected, shut their accounts and issue new cards."
Some Visa cardholders have also contacted silicon.com to say they have had their cards cancelled in the last week because of fraudulent activity on their account but Visa has so far been unable to confirm whether this is connected to the breach affecting MasterCard.
Speculation is now growing that the UK incident could be linked to a massive security breach in the US earlier this month which resulted in hundreds of thousands of card details and PIN numbers being compromised by hackers.
MasterCard has so far declined to comment on the scale or source of the credit card security breach beyond issuing a statement saying it took immediate action as soon as the breach was discovered.
Comments
There are 8 comments. Join the discussion
1. anonymous
I have a Mastercard which was 'skimmed' in the USA. Nothing Mastercard can do about that, but what was appalling was the fact that it was used continuously over a 2 week period to remove large sums of money from the account. On one occasion it was used 12 times in one day in Brooklyn NY, 4000 miles from home, when the same card was being used in Edinburgh, and their systems did not pick this up?
2. anonymous
Looks like this also effects Goldfish Card holders, as I was informed yesterday that my card was being cancelled and a new one sent out. Again no comment on how the card information was obtained
3. anonymous
It's hardly surprising that phishing scams and the like are so prevalent when renowned financial institutions like Mastercard and Visa appear to operate in such a covert manner where notification to customers of security breaches are concerned, all 'because it would be damaging to (their) reputation' to actually reveal the extent of the problem. How are their customers to make an informed decision on what course of action to take.
I just hope that this policy of misinformation ends up being far more 'damaging to (their) reputation'.
4. anonymous
My Morgan Stanley Mastercard was affected. The first I knew something was wrong was when my card was declined. There was a message on my answerphone when I got back home to call them - on a wrong number. I called the general customer service line and got the standard message read to me. The man said his card had also been cancelled and they wouldn't tell him anymore either (though he thought they might have with him being staff). The card was promised to be reissued and over a week later still no sign of it. Quite frankly I'm now tempted to close the account anyway - I didn't do anything wrong and I've been grossly inconvenienced. If I didn't have other funds I could have been left in a right mess.
5. anonymous
Morgan Stanley called my home number to tell me of problem, they left a message as I was already abroad, they did not contact me via mobile which was available to them, hence my card was refused when I used it.
They refuse to release any details, have issued a new card and number and its possible I could use it again where it may be further compromised, they are not helpful. MC fraud in USA is closed, had to leave a message for call back, do they know fraud occurs 24hrs a day !
6. anonymous
Also with Goldfish (Morgan Stanley) here and had the card declined a couple of times. Made a mental note to ask them about it but when I got home there was a letter asking to ring them urgently. That's when they told me they'd cancelled and reissued the card because of Mastercard alerting them of potential fraudulent use. There's no sign of the replacement yet, almost a week later.
I'm sure if we all put our heads together we can work out which retailer was at fault, I for one want to know.
7. anonymous
We're all to blame. Not just the Merchant. My Morgan Stanley card was impacted too. All dealt with in a timely and efficient manner. Well done Morgan Stanley.
If all card issuers (USA included) embraced Chip & pin technology for face to face transactions and Verified by Visa and the MasterCard equivalent (MasterCard Secure code), for e-Commerce, the only current route to fraud would be mail order or telesales. For that they'd need my card security code - which Merchants aren't allowed to store and the banks are looking for alterative solutions to that too.
Finally, if we the cardholders registered our details with our Card Issuer for Verified by Visa etc. the frausdters couldn't do anything with the details that have been taken anyway!
There is a preventative solution - we should just get on and implement it!
8. Jack Karkness
Those calling for the retailer to be named are missing the point. The credit card companies do not want retailers to be afraid to tell them they've suffered a breach.
If they adodpted a name and shame policy, other businesses would be think twice about coming forward in the future.
As it stands, a lot of people have been inconvenienced but their cards have not been used.