<p>Although up to 40 million MasterCard credit card holders may have been exposed by a security breach, the company said Saturday only about 68,000 of its card holders are at "higher levels of risk."</p><p>MasterCard International Inc. spokeswoman Jessica Antle said about 13.9 million of up to 40 million credit card holders that may have been exposed to fraud by a security breach at CardSystems Solutions Inc. _ an Atlanta-based card processing company _ are MasterCard accounts.</p><p>"Of that 13.9 million, we are only aware of 68,000 that were actually taken out of card systems data bases," Antle said.</p><p>"There are different levels of risks on the card, and those 68,000 have higher levels of risk."</p><p>At risk are the names, banks and account numbers of the credit card holders, but Antle said customers do not have to worry about identity theft.</p><p>"No, none at all," Antle said. "Social Security numbers, dates of birth, information like that are not stored on your credit card."</p><p>Under federal law, credit card holders are liable for no more than $50 of unauthorized charges. Some card issuers, including MasterCard, offer zero liability to customers on unauthorized use of the card.</p><p>MasterCard first announced the breach in a news release Friday afternoon, saying it was notifying its card-issuing banks of the problem.</p><p>Antle confirmed that MasterCard traced the breach to CardSystems based on an unusual pattern of fraudulent transactions.</p><p>"I don't have the detail on what type of fraud it was," Antle said. "It wasn't a large amount of fraud, just an abnormal pattern that triggered our system. ... We have tracking systems in place to find the common point of interaction."</p><p>In this case, the common point was CardSystems, which also has an operations and call center in Tuscon, Ariz.</p><p>FBI spokeswoman Deb McCarley confirmed the Phoenix office is handling the case. McCarley said CardSystems' Tucson center contacted the FBI.</p><p>"Their facility reported the situation to us and they have been working very well with us in the investigation," McCarley said.</p><p>Antle said MasterCard has worked with law enforcement agencies, including the FBI, and had the approval of the FBI in making Friday's announcement. However, a CardSystems official said his company was "blindsided" by the release.</p><p>CardSystems' chief financial officer, Michael A. Brady, said Friday his company was told by the FBI not to release any information to the public. The company said it was surprised by MasterCard's decision to go public.</p><p>"We were absolutely blindsided by a press release by the association," Brady said.</p><p>Antle said MasterCard was obliged to its customers to release the information and was not told by the FBI to keep the security breach private.</p><p>"We cooperate fully with law enforcement and have a very strong relationship with them," Antle said. "To think we would have issued an announcement if FBI told us not to just isn't accurate."</p><p>Added Antle: "We took a big step forward in announcing it."</p><p>McCarley said it was important for the public to be warned so card holders can be more careful while checking their statements.</p><p>McCarley said the FBI asked CardSystems to not release details "to compromise the investigation."</p><p>However, she denied that the FBI asked the company to not disclose that the intrusion occurred.</p><p>"I'm not sure where they got that impression," McCarley said. "I called the case agents. We did not advise them not to say anything about it."</p><p>On Friday, MasterCard said the security breach involves a computer virus that captured customer data for the purpose of fraud and may have affected holders of all brands of credit cards.</p><p>CardSystems processes less than 0.5 percent of American Express' domestic transactions, said company spokeswoman Judy Tenzer. She said a small number of its cardholders were affected, though she did not have an exact figure.</p><p>Discover Financial Services Inc. said it was aware of the situation and would not say whether any of its cards were involved.</p><p>McCarley would not confirm the intrusion was the result of Internet hacking.</p><p>"I'm not going to get into details of what they have been able to determine right now," she said.</p><p>The incident appears to be the largest yet involving financial data in a series of security breaches affecting valuable consumer data at major financial institutions and data brokers.</p><p>It is the third recent security breach of an Atlanta area company. ChoicePoint Inc., confirmed it given identity thieves access to information on more than 145,000 people.</p><p>Earlier this month, Citigroup said UPS lost computer tapes with sensitive information from 3.9 million customers of CitiFinancial, a unit that provides personal and home loans.</p><p>___</p><p>Associated Press writer Paul Davenport contributed to this report.</p>
