GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Expert advice on data security defense and planning

News

Industry Update

Merchant info possibly compromised in breach

Republican senators introduce national data security standard

ATM regs under fire, class action denied, consent decree approved

Durbin one piece of retail puzzle

Features

Research Rundown

Selling Prepaid

Prepaid in brief

Prepaid forums address challenges ahead

The new language of rewards

Views

Lead sources - the front line in sales competition

Marc Abbey and Lacy McDonnell
First Annapolis Consulting

Education

Street SmartsSM:
When you hit the doldrums, start rowing

Jeff Fortney
Clearent LLC

Revving the engines that drive success

Tom Waters
Bank Associates Merchant Services

Is the aggregator model right for you?

Chandan Mukherjee
PayCube Inc.

Be positively different to make your business stand out

Peggy Bekavac Olson

mPOS runs circles around PayPal, Square

Rick Berry
ABC Mobile Pay Inc.

Company Profile

Stream Cash LLC

New Products

A cashless ATM

Retail Teller Machine
KAL

Secure checkout for POS, web or mobile

Mercury HostedCheckout
Mercury Payment Systems LLC

Inspiration

Do you still love me?

Departments

10 Years ago in The Green Sheet

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

July 09, 2012  •  Issue 12:07:01

previous next

Merchant info possibly compromised in breach

In an update describing the investigation of a data breach discovered by Global Payments Inc. in March 2012, Paul Garcia, the company's Chairman and Chief Executive Officer, said the leading acquirer discovered hackers may have accessed personal information belonging to merchant applicants.

The vulnerable information - which the company has not confirmed was accessed - contains names, addresses, Social Security numbers, drivers license numbers and bank account numbers from merchant applications.

Merchant data in question

Garcia revealed the potential vulnerability in a conference call held June 12, 2012, to provide an update on the company's continuing investigation of the breach. He stressed during the call that "it is unclear whether the intruders looked at or took any personal information from the company's computer," but when forensic analysis revealed the data vulnerability, Global Payments decided to reveal the possible compromise.

Garcia stated he doesn't believe the thieves even looked at the file containing the sensitive information "much less took any data," but the company decided best practices compel it to contact anyone potentially impacted by a breach of the merchant accounts. "We are going to properly address the situation and try to do the right thing for all the companies involved," he said.

"We sincerely apologize for this incident and are working diligently to conclude our investigation," Garcia added. "We are committed to fully resolve any issues arising from this matter." The company is offering at-risk merchants credit monitoring and $1 million in identity protection insurance at no cost.

Breach consequences and mitigation

Global Payments anticipates it will have additional costs to bear as a result of the breach, but those costs "are manageable," Garcia said. He stated the expense will not interfere with the company's growth and that the breach's financial impact will be discussed further in the next update call scheduled for July 26, 2012.

Garcia said Global Payments can confirm that only track 2 card data (consisting of primary account number, expiration date and service code) was stolen from fewer than 1.5 million accounts. The CEO also noted that the breach did not involve its customers at the POS level, so merchants do not have to make any POS changes to process secure transactions through Global Payments.

Garcia reported that the company hired a qualified security assessor to do an independent review of the company's Payment Card Industry (PCI) Data Security Standard (DSS) compliance. When the review is complete, and remediation is concluded, Garcia promised Global Payments will work with the card networks to get the company back on the networks' list of PCI DSS-compliant service providers.

"Our confidence level is growing every day," he said. "We feel like we are getting to the end of this." Global Payments is posting investigation updates at www.2012infosecurityupdate.com.

For additional news stories, please visit www.greensheet.com and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Super G Capital LLC | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems