Shares in nearly every credit card processor are down today after warnings that a possible "massive data breach" may have happened between January 21 and February 25 of this year.
The blog Krebs on Security first reported the problem, noting that "full Track 1 and Track 2 data was taken - meaning that the information could be used to counterfeit new cards."
The big problem for investors is that we don't know which processor is actually responsible for the breach. As a result, it's mainly Visa (V) and Mastercard (MA) themselves who are being hit, both down more than 1%.
WebProNews recently posted an infographic on recent big breaches.
According to the infographic the last major breach in the processing sector occurred at Heartland Payment (HPY) in 2008 involving malware that recorded payment card data as it was being sent for processing by retailers.
The scandal caused the company's stock to lose nearly 90% of its value over the next few years (although the aftermath of the larger financial crash may have contributed to that collapse). WebProNews says the person behind the Heartland breach later got a 20 year prison sentence. The stock has since recovered and is trading near its 2008 high.
Payment processors can take one of two sides of each transaction. Some, like Heartland, cover merchant accounts while others take the card holder's side.
While many independent processors are publicly-traded the largest such company, First Data, was taken private by KKR in 2007.
ZDNet reports that most of the phony transactions so far seem to have happened in New York City. MasterCard International is based in Purchase, N.Y., but that fact alone means nothing.
The fact of the breach within the payment industry may give pause to those pushing mobile payment start-ups. Failure to maintain security in the space can kill a company, and wound even large processors terribly.