Visa has dropped Global Payments from its list of companies that are deemed compliant with security policies following a data breach that may have compromised as many as 1.5 million Visa and MasterCard accounts.
Visas decision to drop Global Payments from its registry of service providers that meet the credit card companys data security standards came April 1, two days after the breach became public. During a conference call April 2 to discuss the situation, Global Payments CEO Paul Garcia talked about Visas move, and reportedly said he expects his company to be returned to the list after it comes back into compliance with the Visa policies. However, Garcia didnt say when that may be.
Officials with Visa and MasterCard announced last week that data from credit card accounts was stolen following a data breach at a third-party processor, and stressed that their own servers had not been compromised. The credit card companies initially did not say which transaction processing company was attacked, but it soon leaked out that it was Global Payments.
In a statement released April 1, Global Payments executives said that the data breach affected fewer than 1.5 million accounts, and that the impact was contained to North America. The statement said the information stolen was Track 2 card data, which comprises information accessed by ATMs and credit card checkers, such as the cardholders account and encrypted PIN.
However, what data was possibly stolen was one of a number of discrepancies between what Visa and MasterCard reported, and what Global Payments said, according to Gartner analyst Avivah Litan. In a blog post April 2, she noted that the credit card companies said that Track 1 dataincluding cardholder names and account numbersas well as Track 2 information were accessed. Global Payments officials said in the statement that cardholder names, addresses and Social Security numbers were not obtained by the criminals.
In addition, Visa had said the data breach occurred between Jan. 21 and Feb. 25, while Global Payments officials said they detected and reported the breach in early March. Global payments also had not heard about any reports about fraud occurring on the stolen cards, Litan said.
Sounds like theres a lot more going on out there than the payment industry and law enforcement have nailed down and are prepared to talk about, she wrote.
Atlanta-based Global Payments is a Fortune 1000 company that saw earnings jump 18 percent, to more than $92 million, in the past fiscal quarter, on revenues of more than $533 million, a rise of 17 percent from the same period last year, according to financial numbers announced April 2.
Officials from both Visa and MasterCard said March 30 that they were notifying card issuers of the breach, and that card users would hear from their issuers if there were a problem. They reiterated that card users would not be responsible for fraudulent charges put on their cards.
In a blog post March 30, Gartners Litan wrote that criminals already had begun using the stolen credit card information.
Ive spoken with folks in the card business who are seeing signs of this breach mushroom, she wrote. Looks like the hackers have started using the stolen card data more recently.
For its part, Global Payments said the company is working with third parties, regulators and law enforcement officials to to assist in the efforts to minimize potential cardholder impact. It has engaged multiple information security and forensics firms to investigate and address this issue. CEO Garcia said in a statement that the company is making rapid progress toward bringing this issue to a close.