Credit Companies Scramble to Reassure Clients After Fiasco

Companies text customers, whose credit card information was released by hackers, saying their card numbers had been blocked for phone and Internet purchases.

Credit card companies doubled their service staff on Tuesday in an attempt to handle the flood of queries from concerned customers, after the credit card details of some 14,000 Israelis were hacked and posted online Monday night.

Among efforts to calm customers - whose credit card information had been accessed by a Saudi Arabian hacking collective called group-xp - companies texted them to say their card numbers had been blocked for phone or Internet purchases.

Credit Cards - Daniel Bar-On - 04012012
Daniel Bar-On

In fact, only a small number of low-priced purchases were made with the leaked cards Tuesday, apparently by people trying their luck with numbers they found in the hacked material.

Visa CAL, which said less than 3,000 of its cards had been leaked on the web, opened a Facebook page for questions with the bank's information security officials, while Isracard began to distribute new cards directly to the homes of affected cardholders.

Leumi Card CEO Tamar Yasur said the company had spent "the longest night ever" figuring out the extent of the problem, and reached 4,000 of their clients Tuesday morning.

She said none of Leumi Card's clients had been damaged by the leak. However, she conceded, "Unfortunately, I cannot say this is the first time this has happened," citing noncompliance of businesses with security standards as the "weak link."

Half of the 680,000 pieces of credit-card information leaked on the web belonged to 6,600 of Isracard's clients. However, Isracard CEO Dov Kotler said that the amount of information leaked Monday night "is the same amount we deal with in a year, just not under such pressure."

Kotler said Isracard had beefed up their service representative staff and informed over half the affected clients of their card cancelation. Some would receive their new credit card over the next 24 hours, he added. Kotler also said that if the credit cards were illegally used, the company was required by law to honor the purchases.

Yishai Wertheimer, director of fraud risk management at Visa CAL, called the incident a "terror attack on the Internet world." He added he "could not say for sure that only Internet purchase sites were hacked."

"Nothing is 100 percent in the Internet world," Wertheimer said when asked about the risks of e-commerce. He said companies that worked with credit cards had to comply with the Payment Card Industry Security Standards Council, but added, "We have no control over those that don't work with us."

Wertheimer said it had been easy for the hackers to break in.