PAAY is a card payments processor based in US, and it verifies payments on behalf of selling merchants, like online stores and other businesses, to prevent fraudulent transactions.
TechCrunch was told that there were estimated about 2.5 million card transaction records in the database. PAAY said that an error was made that left that database exposed without a password. Moreover, the database contained daily records of card transactions dating back to 1 September 2019 from a number of merchants. Each transaction contained the full plaintext credit card number, expiry date, and the amount spent, as well as a partially masked copy of each credit card number. The data did not include cardholder names or card verification values, making it more difficult to use the credit card for fraud.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the Telecompaper website, they in no way represent the opinion of Telecompaper.