04-04-12 | Blog Post
Nearly 1.5 million consumers have been hit by a major credit card hack – a statement by Global Payments Inc. reports that credit card numbers may have been exported by hackers with access to its payment processing system. Global Payments Inc. is one of the world’s largest electronic transaction processing companies, processing Visa and MasterCard card transactions.
Although the company has locations throughout the U.S., Canada, U.K., Europe and Asia-Pacific regions, the hackers reportedly only hit the North American portion of its network, according to MSNBC.MSN.com.
The company reports the cardholder data accessed is enough to make online purchases and potentially clone credit cards to commit fraud, despite not having access to names, addresses or social security numbers. The breach could potentially affect Visa and MasterCard cardholders, as well as Discover Financial Services and American Express. The company has launched a site, 2012 Information Security Update, to offer insight into the incident and tips for both cardholders and merchants on what to look out for and how to further protect themselves from fraud.
The unauthorized intrusion into the company’s processing system was discovered in early March, and the cards were exposed between Jan. 21 and Feb. 25. A recent update reveals the company is still investigating and states the total cost of the breach is unknown, while it is working to achieve compliance with Visa’s PCI DSS requirements.
Effects of a PCI Compliance Data Breach
Visa recently removed Global Payments from its comprehensive Global Registry of Service Providers (PDF), which lists official PCI DSS validated entities, although it still allows the company to process Visa card payments. MasterCard has yet to remove the company from its list of compliant processors, as it is awaiting the investigation results.
What are the other consequences of a PCI data breach? MarketWatch.com reports that another credit card processing company, which suffered a breach of 40 million accounts in 2005, eventually sold its assets to another company after being dropped by multiple credit-card networks.
“Clearly not being PCI compliant has financial liability,” Global Payments Chairman and Chief Executive Garcia said, according to MarketWatch.com, when questioned about the company’s lack of PCI compliance and its effect on costs for future merchant clients.
Taking risks when it comes to meeting PCI compliance standards can result in major business and reputation loss, in addition to remediation costs. Get started on the path to compliance by partnering with a PCI hosting provider that can attest to full PCI compliance (read their full report to determine the scope of requirements they cover and what your company still needs to cover). A PCI compliant hosting provider can cover many of the technical requirements, lightening the burden of compliance by keeping cardholder data safe within fully audited PCI compliant data centers.
Read more about the Levels of PCI Compliance to determine what kind of merchant you are based on your transaction volume, and what you need to do in order to achieve compliance. What is PCI Compliance? lists the 12 requirements that your company needs to have in place.
And our PCI Glossary of Terms defines the basic PCI hosting-related terms you need to understand any PCI document. Contact us if you still have questions.
References:
Global Payments: Under 1.5 Million Account Numbers Hacked
Global Payments Still Tallying Data Breach Costs
Visa’s Global Registry of Service Providers – PCI DSS Validated Entities (PDF)
About Global Payments Inc.
Card Firm Says Systems Now Secure