computer hacker broke into the system of a third-party processor and gained access to upward of 8 million Visa, MasterCard, Discover and American Express accounts the week of February 3, 2003. Initial reports said the point of access was through the third party processor's system, which at first was unnamed. In response, National Processing Co. (NPC) and Fifth Third Bancorp both declared in statements that their systems had not been accessed by any unauthorized users.

Since the story broke, the processor has been identified as Data Processors International (DPI) of Omaha, Neb., which mainly handles transactions for high-risk merchants. An Associated Press report said the company issued a statement on February 19 confirming "an unauthorized outside party" had broken into its computer system, prompting criminal investigation. DPI did not state how the breach occurred.

According to the company's Web site, DPI specializes in credit card payment processing services for retail, Internet, direct response, catalog, home-based and other direct marketing merchants. DPI's acquirer is Provident Bank of Cincinnati, a subsidiary of Provident Financial Group, Inc.

While the Visa and MasterCard card associations issued statements reiterating the integrity of their systems, at least two issuing banks canceled tens of thousands of their customers' Visas and MasterCards. One bank in Rhode Island, Citizens Bank, closed 8,800 customer accounts whose card numbers had been accessed after being notified of the breach by MasterCard on February 14. PNC Bank of Pittsburgh deactivated about 16,000 Visa-branded check cards on February 20 after it received notification of the breach. Three million PNC customers have cards carrying the Visa logo.

The sheer volume of accounts that potentially had been accessed made this story big news. This was clearly an event with ramifications for the financial services industry, raising questions about security issues as well as who bears the ultimate responsibility for protecting information. When the story broke later in the month, it was widely reported in both financial news outlets and mainstream media.

As a result, this story also brought the process of payment transactions to the forefront of public awareness when reports explained the behind-the-scenes nuts and bolts of what happens when consumers use their credit or debit cards to make purchases. When one report called the third-party processor the weakest link in the chain, making it vulnerable to outside hacks, consumers also learned what a third-party processor is and what role it plays in completing a payment transaction.

DPI later announced that 10.2 million accounts had been accessed, making this the largest breach of security ever for the card associations. The original estimate put the total at 5.6 million to 8 million, of which 3.4 million are Visa accounts and 2.2 million are MasterCard accounts. It's unclear, though, exactly how many of those accounts were compromised or if any have indeed been used for fraudulent purposes.

Visa said there have been no incidents of fraudulent activity reported on any of its cardholder accounts. MasterCard said that 2.2 million of the hacked accounts were registered to its users and had been "possibly compromised." The affected accounts make up nearly 1% of the 574 million Visa and MasterCard accounts in the U.S. More than one billion Visa-branded banks cards are in circulation around the globe; MasterCard has 1.7 billion cards in worldwide circulation.

The card companies said they were notified of the incident in early February, and as of late in the month they had received no reports of fraudulent activity involving the accounts. Visa, MasterCard, American Express and Discover all have policies in place protecting consumers from liability for fraudulent use of their accounts. All major card companies said they were monitoring affected accounts for suspicious activity.

The hacker's location is not known; whether the origin is within U.S. borders or overseas remains to be determined. The FBI and Secret Service are involved in the investigation.