The U.S. government said on Tuesday that it launched an investigation into the practices of CardSystems Solutions last week. Investigators are hoping to find out how hackers managed to get into the company's systems and download credit card information for thousands of card holders.
The Federal Financial Institutions Examination Council, a conglomerate of several federal financial agencies is heading the investigation that is expected to take approximately two to four weeks. Seperately, the FBI has launched an investigation into the matter as well.
"We became aware of an issue, and we will now conduct an examination," Michael L. Jackson, a member of the Council told the New York Times. "When you are talking about a theft of that size, that is the logical step."
Approximately 40 million credit card numbers were put at risk. However, to date only about 200,000 of those have been marked as a high risk for fraud - approximately 100,000 Visa cards, 68,000 from MasterCard, and 30,000 cards from various other companies.
Federal regulators hope to determine if CardSystems network security systems were deficient, allowing hackers to place a file on the company's servers to download card data. CardSystems said that it had collected numbers in a central location for research, which is in direct violation of most credit card company policies.
"We look to see if they have had vulnerability assessments, scans, and if they have firewalls," Jackson explained. "We are discussing with the banks to find out whatever information there is about the breach. We want to know what they know."
At this point, it is still unclear if Visa, MasterCard, or any of the other affected companies will take any disciplinary action against CardSystems. While banks are required to submit to security scans at regular intervals, there is no law requiring the same for credit card processing companies like CardSystems.