The field of the disclosure relates generally to increasing security surrounding online payment card transactions, and more specifically to method and systems for determining when and where payment card numbers stored by merchants have been compromised.
Many online merchants store payment card information, including payment card numbers, for their returning customers, to process returns, and/or for purchase trend research. This payment card information may include other cardholder identifying information. In many cases, this information is stored for processing recurring transactions or to improve the speed of the checkout process for future online transactions. The stored payment card information allows a customer to avoid having to re-enter his or her payment card information every time the customer makes an online purchase from the merchant. However, this payment card information has the potential to be stolen. Over the past several years, many cases of security breaches, also known as account data compromises, have been reported. While some breaches have been for a few payment cards, other breaches have been for tens of thousands of payment cards. The stolen payment card information may then be used to perform fraudulent transactions.
Existing fraud system can learn about the compromise of individual payment cards through the analysis of good and bad transactions. When a large number of fraudulent transactions are discovered, some existing fraud systems perform statistical analysis on the fraudulent transaction to try to determine which merchant was potentially breached. However, there could be more than one breached merchant, which increases the difficulty of the analysis. Further, this analysis takes time to determine the potentially breached merchants. While this analysis is occurring more fraudulent transactions may be performed using other payment cards that were compromised at the same time, but have not yet been identified as compromised.