File picture: Elise Amendola

Online payment service provider PayGate has confirmed that its systems were breached in August this year and that some credit card numbers may have been exposed.

“We detected unauthorised activity on August 15 and immediately took action,” said PayGate managing director Peter Harvey. “We have completed a detailed forensic investigation. We believe that the breach was confined to August this year.”

Last week, Independent Newspapers reported how Woolworths credit card customers had their cards cancelled because their banking details had been leaked during a breach. The retailer said it suspected that the security on a number of its customers’ credit cards may have been compromised.

Harvey said that while some credit card details may have been exposed, “the card associations and banks are pro-actively monitoring all credit cards processed during this period and will contact cardholders directly if necessary”.

“The card associations have strong measures in place to protect their customers. But we do encourage everyone to check monthly statements carefully and to report any suspicious transactions immediately.”

PayGate did not store any personal details like addresses or ID numbers although it does store e-mail addresses. “As always, customers should be vigilant for phishing attacks.”

“Online retailers have been largely unaffected,” said Harvey, “but we are working closely with banks, the card associations and international security experts to ensure all the loops have been closed. We’ve introduced several enhanced security features.”

The Payments Association of SA (Pasa) said: “There are indications that only a limited number of card details have been accessed.”

The card data emanating from these transactions seemed to have been stored in a manner which did not meet the stringent security standards expected.

Harvey urged card users to report suspicious transactions to their banks.