Global Payments Loses Visa Support After Hack

Another data breach in the online payments world, this one resulting in Global Payments losing its Visa certification.  Global Payments Inc., the provider of electronic transaction processing services for merchants, ISOs, financial institutions, government agencies and multi-national corporations, announced last Friday that their system had been hacked.

In their most recent update, the company identified that the breach was confined to North America, and less than 1.5 million card numbers were exported by the hackers.  Global Payments also revealed that Track 2 card data were the ones stolen but cardholder names, addresses, and social security numbers were not obtained by the culprits.

“We are making rapid progress toward bringing the issue to a close,” said Global Payment Chairman and CEO Paul R. Garcia.  “Our nearly 4,000 employees around the world are focused in providing exceptional service.  We are open for business and continue to process transactions for all of the card brands.”

Global Payments no longer Visa-approved

Though Global Payments stated that they’re running business as usual, Visa decide to pull their account from the company’s list of “compliant service providers.”  The list includes companies that serve as middlemen between merchants and banks in the complex industry of electronic payments.  Visa’s decision complies with industry security standards.

Visa notified Global Payments of their decision and asked them to submit a new validation that shows their system is secured.

Global Payments confirmed that they were removed from Visa’s list but assured everyone that they’re working on the problem and they have every intention of appearing on Visa’s list once more.

“We expect to be reinstated once we have been issued a new report of compliance,” Amy Corn, a spokeswoman for Global Payments said. She didn’t say when the company expects that to occur.

“We continue to process transactions for our merchants and our customers with the same efficiency and care they have come to expect,” she said.

MasterCard, though sharing the same “compliant service providers” list with Visa, hasn’t removed Global Payments, but stated that they will consider appropriate actions for the Global Payment incident.

Visa and MasterCard already already notified card-issuing banks regarding the breach and that that their consumer transaction data may be at risk.  Visa informed the banks that the breach from the third-party service provider happened between January 25 and February 25.

In 2005, Visa threatened to remove CardSystems Solutions Inc. from their list after the payment-processing company left 40 million credit-and-debit accounts vulnerable to hackers in a massive breach.  But before the company was kicked from the list, CardSystems sold their assets to another company.

Consumers may bail

It’s one thing to get kicked off a list that you can get back in, but it’s another thing when you start losing customers, and I’m not just talking about Global Payments.

Consumers rely heavily on trust when it comes to e-commerce, and when that trust is breached because of an unsecured system that renders their data vulnerable, you can be sure that they will walk away.

Transactis, a third-party payments service provider, conducted a survey among 1,000 UK consumers revealing that 83% of users would continue buying from a firm if that business is seen to handle their data responsibly; three-quarters of respondents say that the use of their data to tailor promotions and services would also encourage loyalty and nurture trust; two-thirds stated that they’ve already abandoned a company because their data wasn’t handled responsibly either by failure to keep it secure, passing it on to third-parties or erroneous information; and 95% stated that they would be “very inclined” to move to a competitor if they felt unhappy with how their personal data was handled.

“When companies alienate customers and lose their confidence by handling personal details irresponsibly, however, consumer punishment is harsh and damaging, as they turn their back on a brand they feel has abused their trust,” said Michael Green, Insight Director at Transactis.  “Firms that fail to learn that lesson will feel the financial impact in a very direct way.”