In what might signal the closing chapter in the CardSystem credit-card security breach saga, CyberSource Friday announced its intent to acquire all of CardSystems assets for an undisclosed amount.
In May, CardSystems Inc. reported its role in the nations largest known data security breach, when it revealed that someone had broken into its systems and stolen the details of as many as 40 million payment cards, including names, account numbers and expiration dates.
CardSystems might have been considered the victim in the incident had it not admitted to having violated its contracts with Visa, American Express and others by failing to encrypt credit card transaction data and by keeping on file card verification numbers that are never supposed to be stored.
The day before testifying before a U.S. House subcommittee, both Visa and American Express announced they were terminating their relationships with CardSystems. MasterCard said it would continue if CardSystems met various criteria.
Fridays statement from CyberSource confirmed that it had signed on Sept. 20 a non-binding letter of intent to acquire the assets of CardSystems.
Those assets, the statement said, include “CardSystems advanced payment processing platform with direct connections to major credit card association networks and banks, contracts to process credit card transactions on behalf of more than 120,000 merchants representing more than $18 billion in annual processing volume and a network of Independent Sales Organizations (ISOs).”
The distinction between wanting to purchase the assets of CardSystems and purchasing the company itself is significant, said Colin Gillis, the equity research analyst who tracks CyberSource for the Adams Harkness Inc. investment firm.