Firm dropped by Visa says under 1.5 million card numbers stolen

NEW YORK, Mon Apr 2, 2012 – Visa Inc. has dropped payment processor Global Payments Inc. from its list of approved service providers after a major cyber intrusion that could expose Visa, MasterCard, American Express and Discover card holders to fraud.

Global Payments said it believes less than 1.5 million credit card numbers were stolen in the cyber security breach.

It said so-called Track 2 card data was stolen but card holders’ names, addresses and social security numbers were not obtained. It also believes the affected part of its processing system is confined to North America.

Visa, the world’s largest credit and debit-card processing network, said it removed the company from its registry of compliant service providers due to “unauthorized access into a portion of (Global Payments’) processing system.”

It told Global Payments to revalidate its compliance processes with the payment card industry’s data security standard.

Global Payments, which is based in Atlanta and has estimated its revenues will top $2 billion this financial year, will hold a conference call with investors on Monday morning.

A person improperly using Track 2 information can transfer the account number and expiration date of a card to a magnetic stripe on a fraudulent card and then try to use it to make online purchases.

The attempt could be blocked, however, if an online merchant asks for the CVV code, or the three or four digits usually located on the back of card.

Global Payments is one of dozens of companies that operate along the payment-processing chain. They are targeted by hackers due to the vast amount of sensitive financial information they handle.

The breach was first reported by a blog on computer security and cybercrime, Krebs on Security, which said it could affect more than 10 million card holders.

Global Payments spokeswoman Amy Corn said although the company had been taken off Visa’s list of compliant service providers it continued to process transactions. “We expect to be reinstated once we have been issued a new report of compliance,” she said.

The firm, which has about 3,700 employees, was spun off from information services firm National Data Corp in 2001.

MasterCard, Visa warn of possible security breach

WILMINGTON, Del., Fri Mar 30, 2012 – MasterCard Inc. and Visa Inc. have notified U.S. banks of a potential security breach, the latest in a string of incidents that have put the personal information of millions of credit card holders at risk.

The companies, which are the two largest global credit card processors, said the issue stemmed from a third-party vendor and not their own internal systems.

Following news of the breach, the shares of Atlanta-based Global Payments Inc were halted after dropping more than 9.1 percent. A representative did not immediately return a request for comment.

Several other processing companies, including Heartland Payment Systems Inc, VeriFone Systems Inc and First Data denied responsibility for the potential breach. Card Systems Inc and WorldPay did not immediately respond to inquiries about the matter.

MasterCard said it notified law enforcement officials and has hired an independent data-security organization to review the possible breach.

A U.S. Secret Service spokesman said the agency was investigating, but declined to give any specifics about the breach.

“MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information,” the company said in a statement. “If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution.”

Visa emphasized that customers are not responsible for fraudulent purchases.