NEW YORK, Mon Apr 2, 2012 – Visa Inc. has dropped payment processor Global Payments Inc. from its list of approved service providers after a major cyber intrusion that could expose Visa, MasterCard, American Express and Discover card holders to fraud.
Global Payments said it believes less than 1.5 million credit card numbers were stolen in the cyber security breach.
It said so-called Track 2 card data was stolen but card holders’ names, addresses and social security numbers were not obtained. It also believes the affected part of its processing system is confined to North America.
Visa, the world’s largest credit and debit-card processing network, said it removed the company from its registry of compliant service providers due to “unauthorized access into a portion of (Global Payments’) processing system.”
It told Global Payments to revalidate its compliance processes with the payment card industry’s data security standard.
Global Payments, which is based in Atlanta and has estimated its revenues will top $2 billion this financial year, will hold a conference call with investors on Monday morning.
A person improperly using Track 2 information can transfer the account number and expiration date of a card to a magnetic stripe on a fraudulent card and then try to use it to make online purchases.
The attempt could be blocked, however, if an online merchant asks for the CVV code, or the three or four digits usually located on the back of card.
Global Payments is one of dozens of companies that operate along the payment-processing chain. They are targeted by hackers due to the vast amount of sensitive financial information they handle.
The breach was first reported by a blog on computer security and cybercrime, Krebs on Security, which said it could affect more than 10 million card holders.
Global Payments spokeswoman Amy Corn said although the company had been taken off Visa’s list of compliant service providers it continued to process transactions. “We expect to be reinstated once we have been issued a new report of compliance,” she said.
The firm, which has about 3,700 employees, was spun off from information services firm National Data Corp in 2001.