Credit card users, don't fret. Only a small fraction of the 13.9 million credit card accounts at MasterCard that were exposed to possible fraud were considered at high risk, the company said Saturday.
MasterCard International Inc. spokeswoman Jessica Antle said only about 68,000 of its card holders are at "higher levels of risk." And while those 68,000 should closely examine their credit or debit card accounts, customers do not have to worry about identity theft, Antle said.
"No, none at all," Antle said. "Social Security numbers, dates of birth, information like that are not stored on your credit card."
MasterCard announced the breach Friday and said it was traced to Atlanta-based CardSystems Solutions Inc., which processes credit card and other payments for banks and merchants. The incident appears to be the largest yet involving financial data in a series of security breaches affecting valuable consumer data at major financial institutions and data brokers.
Only about 13.9 million of the 40 million credit card accounts that may have been exposed to fraud were MasterCard accounts. It was not immediately clear how many of the other accounts were considered at high risk.
Under federal law, credit card holders are liable for no more than $50 of unauthorized charges. Some card issuers, including MasterCard, offer zero liability to customers on unauthorized use of the card.
Antle said MasterCard traced the breach to CardSystems based on an unusual pattern of fraudulent transactions.
"I don't have the detail on what type of fraud it was," Antle said. "It wasn't a large amount of fraud, just an abnormal pattern that triggered our system. ... We have tracking systems in place to find the common point of interaction."
FBI spokeswoman Deb McCarley would not confirm the intrusion was the result of Internet hacking.
"I'm not going to get into details of what they have been able to determine right now," she said. She said CardSystems' call center in Tucson, Arizona, had contacted the FBI, and the Phoenix office is handling the case.
CardSystems' chief financial officer, Michael A. Brady, said Friday that his company was "blindsided" by the MasterCard release, adding that his company was told by the FBI not to release any information to the public.
Antle said MasterCard was obliged to its customers to release the information and was not told by the FBI to keep the security breach private.
McCarley said the FBI did ask CardSystems to not release details that might compromise the investigation -- but she denied that the FBI had asked the company to not disclose that the intrusion occurred.
"I'm not sure where they got that impression," she said, adding that it was important for the public to be warned so card holders can be more careful while checking their statements.
CardSystems processes less than 0.5 percent of American Express' domestic transactions, said company spokeswoman Judy Tenzer. She said a small number of its cardholders were affected, though she did not have an exact figure.
Discover Financial Services Inc. said it was aware of the situation and would not say whether any of its cards were involved.
A spokeswoman for American Express said a small number of its cardholders were affected, but would not give an exact number. Visa USA and a large issuer of cards, MBNA Corp., did not return calls for comment.