The card companies said customers would not be responsible for fraudulent purchases
Visa and Mastercard have warned US banks that details of credit card holders' personal information could be at risk after a security breach.
Both Visa and Mastercard said there had been "no breach" of its own system, instead blaming a third party, reports the BBC.
Security blog, KrebsOnSecurity, which first reported the story, said industry sources believed more than 10 million cards may have been compromised.
Reports suggested the stolen details had been obtained in New York.
The Wall Street Journal quoted its own industry sources as saying card-processing firm Global Payments was the company that suffered the breach. Shares in the company fell by more than 9% on Friday.
Global Payments has not responded to requests for comment.
Neither Visa nor Mastercard would confirm how many customers were affected.
In a statement, Mastercard said: "[We are] concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information.
"If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution."
Visa echoed Mastercard's statement, emphasising that its customers are not responsible for fraudulent purchases.
Gartner analyst, Avivah Litan said she believed the breach was related to a taxi garage in New York City.
"So if you've paid a NYC cab in the last few months with your credit or debit card - be sure to check your card statements for possible fraud," she said.