When you make a credit card purchase, you trigger (PDF) that transmits information (1) from your credit card to the merchant making the sale; (2) from the merchant to an entity called a processor (or, in industry terms, an acquirer), in this case, a company like Global Payments; (3) from the processor to the issuer (your bank); (4) from the issuer back to the processor; (5) from the processor back to the merchant; and (6) you take your merchandise.

The part of the process that was breached was the step between the merchant and the processor; the former being a New York City taxi and parking garage company, . Global Payments apparently first identified the potential breach in early March, and the problem had been undetected for several months before that. Therefore, the pool of victims is likely to be those who used their debit or credit cards for transportation in the New York metropolitan area earlier this year.

Global Payments says that it believes may have been breached. Since apparently no customer names were associated with the data breached, this problem does not appear to involve identity theft. According to , there are somewhere in the neighborhood of 181 million credit cards in the United States, so this breach could represent less than one percent of credit cards in use.

However, if you still think you might be part of this group, what can you do besides wait for your bank to notify you that you may be affected, based on current breach notification laws?