Visa Pulls Seal of Approval from Global Payments

ATLANTA — Visa has taken a rare step and dropped payments processor Global Payments Inc. from its list of approved service providers after the company reported that as many as 1.5 million credit card accounts may have been compromised by hackers.

Visa notified Global Payments it removed the company from its registry of compliant service providers due to "unauthorized access into a portion of (Global Payments') processing system," the Atlanta processor confirmed this morning during a conference call with reporters. Visa has asked Global Payments to revalidate its compliance processes with the payment card industry's data security standard, known as PCI.

"Visa has removed us from its PCI compliant list pending on the results of our work. This was not unexpected," said Paul Garcia, president and CEO of Global Payments, who emphasized the company is continuing to process Visa transactions. So the short-term impact of the Visa move is expected to be negligible, but if the company fails to recertify it could prompt merchants to terminate processing contracts.

So-called Track 2 card data was stolen but card holders' names, addresses and social security numbers were not obtained, said Garcia. He said the affected part of its processing system is confined to North America. He said the breach has affected fewer than 1.5 million Visa, MasterCard, Discover and American Express cards and they are unaware of any fraudulent transactions on the accounts.

A person improperly using Track 2 information can transfer the account number and expiration date of a card to a magnetic stripe on a fraudulent card and then try to use it to make online purchases. The attempt could be blocked, however, if an online merchant asks for the CVV code, or the three or four digits usually located on the back of card.

Global Payments, spun off from information services firm National Data Corp in 2001, processes credit card transactions for merchants, card issuers, government agencies, and others in the U.S., Canada, Europe and the Asia-Pacific region.

The company continues to work with regulators, industry third parties and law enforcement to help in the effort to minimize the potential impact on credit cardholders, said Garcia.

He said that, based on forensic analysis to date, network monitoring and added security measures, it believes the incident has been contained.

For reprint and licensing requests for this article, click here.
Bank technology Consumer banking
MORE FROM AMERICAN BANKER