An apparent data breach in Spain has caused Visa and MasterCard to warn banks of possible fraudulent credit card transactions.
The breach likely affects people across Europe who may have had transactions processed in Spain. As a result, many German banks have opted to replace their customers' cards, according to the Central Credit Committee, an organization that represents several German banking associations.
Banks in Austria, Sweden and Finland have also issued new cards, according to a report on Wednesday in the Stuttgarter Zeitung.
Visa has noticed an aberrant pattern regarding card use in Spain "but what we don't know is what that issue is or how big that issue is," said Ian Barber, a Visa spokesman. An investigation is under way, said Louise Herbert, a MasterCard spokeswoman.
Visa has issued a precautionary alert to banks, and MasterCard has also notified its issuing banks. Neither company would say how many cards are suspected to have been compromised.
It's up to bank to decide whether they want to issue new cards to their customers. Banks routinely have to compensate customers for fraudulent transactions. But is also expensive to replace large batches of cards, so some banks will not replace cards until there is a concrete pattern of fraud.
In recent years, card companies including Visa and MasterCard have required that businesses comply with Payment Card Industry's Data Security Standard (PCI DSS), a set of practices and recommendations around maintaining the security of payment card data and processing. It's intended to bolster security around card data.
Nonetheless, breaches still occur. "Unfortunately, these instances aren't that rare," said Sandra Quinn, communications director for UK Payments, a trade association for payment organisations.
Banks such as HSBC and RBS did not have immediate information on whether they were replacing customer cards. Barclaycard, which is the credit card division for Barclays bank, said it was aware of the situation and "we will take whatever steps necessary" to stop fraud, according to a spokesman.