Statements on Global Payments Breach

Full Text of News Releases on Processor Incident
Statements on Global Payments Breach

As news of the Global Payments Inc. data breach spread, impacted organizations, including the major payment card brands, released statements about the incident. Following are the latest news releases.

See Also: Bank Payment Clearance Vulnerabilities: Faster Payments, Faster Fraud?

Global Payments Inc.

April 1 statement:

Global Payments Inc. (NYSE: GPN), a leader in payment processing services, announced on Friday, March 30, 2012 that it identified and self-reported unauthorized access into its processing system. The company believes that the affected portion of its processing system is confined to North America and less than 1,500,000 card numbers may have been exported. The investigation to date has revealed that Track 2 card data may have been stolen, but that cardholder names, addresses and social security numbers were not obtained by the criminals. Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained.

The company continues to work with industry third parties, regulators and law enforcement to assist in the efforts to minimize potential cardholder impact. It has engaged multiple information security and forensics firms to investigate and address this issue.

"We are making rapid progress toward bringing this issue to a close. Our nearly 4,000 employees around the world are focused on providing exceptional service. We are open for business and continue to process transactions for all of the card brands," said Chairman and CEO Paul R. Garcia.

March 30 statement:

Global Payments Inc. (NYSE: GPN), a leader in payment processing services, announced it identified and self-reported unauthorized access into a portion of its processing system. In early March 2012, the company determined card data may have been accessed. It immediately engaged external experts in information technology forensics and contacted federal law enforcement. The company promptly notified appropriate industry parties to allow them to minimize potential cardholder impact. The company is continuing its investigation into this matter.

"It is reassuring that our security processes detected an intrusion. It is crucial to understand that this incident does not involve our merchants or their relationships with their customers," said Chairman and CEO Paul R. Garcia.

Global Payments will hold a conference call Monday, April 2, 2012 at 8:00 AM EDT. Callers may access the conference call via the investor relations page of the Company's Web site at www.globalpaymentsinc.com by clicking the "Webcast" button; or callers in North America may dial 1-888-895-3550 and callers outside North America may dial 1-706-758-8809. The pass code is "GPN."

Visa Inc.

Visa Inc. is aware of an announcement from Global Payments Inc. that it experienced unauthorized access into a portion of its processing system that may have exposed payment card information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet.

Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards.

It's important for U.S. Visa consumer cardholders to know they are protected against fraudulent purchases with Visa's zero liability fraud protection policy, which exceeds federal safeguards. As always, Visa encourages cardholders to regularly monitor their accounts and to notify their issuing financial institution promptly of any unusual activity. Additional consumer security tips are available at www.VisaSecuritySense.com.

Every business that handles payment card information is expected to protect the security and privacy of their customers' financial information by adhering to the highest data protection standards. Visa also supports advanced security layers such as encryption, tokenization and dynamic authentication through EMV chip technology to further protect sensitive account information and minimize the impact of data compromises.

MasterCard

MasterCard is currently investigating a potential account data compromise event of a U.S.-based entity and, as a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk.

MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information. If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution.

Law enforcement has been notified of this matter and the incident is currently the subject of an ongoing forensic review by an independent data security organization. It is important to note that MasterCard's own systems have not been compromised in any manner.

American Express

We are aware of and are closely monitoring this situation. Here is what we know at the moment:

  • Global Payments is currently investigating the incident, including what impact there may be to any credit card information. We are continuing to work with Global Payments to determine the extent to which our cardmember data may have been affected.
  • Once we have more details and information, we will be able to be more specific about any possible American Express impact.
  • In addition, we actively monitor accounts for fraud on an ongoing basis. If we see there is unusual activity which may be fraud, our standard practice is to immediately contact the customer. I have no further details at this time.
  • In any event, American Express Cardmembers are not held liable for any fraudulent charges on their account.

Discover

As of right now, we are aware of the situation, are monitoring accounts for suspicious activity and will reissue plastics as appropriate. Discover's top priority is maintaining the privacy and security of our cardholders. As always, due to our $0 fraud liability guarantee, our cardmembers are never responsible for unauthorized charges on their accounts, whether online, offline, anytime, anywhere. If a cardmember believes their account may have been affected, they should call us at 1-800-DISCOVER.


About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the largest media company solely focused on Information Security, Risk Management, Fraud, Compliance and other related topics.




Around the Network