Visa and MasterCard are alerting their card-issuer banks of a major breach of a US-based payments processor, according to published reports. KrebsonSecurity.com, citing unnamed sources, says as many as 10 million cards may be affected, while The Wall Street Journal, also citing unnamed people, identifies the compromised processor as Global Payments Inc.

Both reports cite a written notice Visa is sending to banks warning of a network intrusion that may have lasted from January 21 to February 25. According to KrebsonSecurity, full Track 1 and Track 2 data was lifted, meaning the hackers would have everything they need to clone counterfeit cards. A forensic company and the US Secret Service are conducting an investigation, which is still in the early stages, the document cited in the news reports said.

After the reports were published, Global Payments released a statement that confirmed it had "identified and self-reported unauthorized access into a portion of its processing system." It continued:

"In early March 2012, the company determined card data may have been accessed. It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. The company is continuing its investigation into this matter."

Global Payments says on its website that it processes "billions and billions of transactions per year for over a million points of service across North America." The Atlanta-based company has scheduled a conference call for Monday morning to discuss the breach

Visa, meanwhile, issued its own statement that said in part: "Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet." MasterCard said its employees are "investigating a potential account data compromise event of a U.S.-based entity and, as a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk."

The reports evoke memories of the compromise several years ago of Heartland Payment Systems, which at the time processed card transactions for more than 250,000 businesses. Serial hacker Albert Gonzalez was ultimately indicted for the intrusion, which prosecutors said was in part accomplished by exploiting a garden-variety bug on Heartland's website. Gonzalez ultimately pleaded guilty to hacking Heartland and other companies and making off with data for more than 130 million cards.

Heartland set aside more than $12.6 million to clean up after the hacking spree. Stock trades for Global Payments were halted following the news after the share price fell more than 9 percent.

The reports don't elaborate on the number of cards actually compromised. They cite a separate notice by PSCU, a company that works with credit unions, that identified as many as 56,000 accounts that may be at risk. Avivah Litan, an analyst for Gartner who follows the credit card industry, has issued a report that says her sources "are seeing signs of this breach mushroom."

Updated to add statements from Global Payments, Visa, and MasterCard.