Vendors
日本語
search
  2. //
  3. Reports & insights
  4. //
  5. Some Facts About Data Breach at Global Payments

Some Facts About Data Breach at Global Payments

Create a vendor selection project
Click to express your interest in this report
Indication of coverage against your requirements
A subscription is required to activate this feature. Contact us for more info.
Celent have reviewed this profile and believe it to be accurate.
We are waiting for the vendor to publish their solution profile. Contact us or request the RFX.
Projects allow you to export Registered Vendor details and survey responses for analysis outside of Marsh CND. Please refer to the Marsh CND User Guide for detailed instructions.
Download Registered Vendor Survey responses as PDF
Contact vendor directly with specific questions (ie. pricing, capacity, etc)
2 April 2012
Zilvinas Bareisis
Last Friday, the press began reporting about a major data breach at Global Payments, a large US card processor. As always in the early stages of such events, there were plenty of rumours and speculation with various sources reporting stolen card numbers to be as low as 50,000 or as high as 10 million. This morning, as I write this, Global Payments is holding a conference call to provide us all with more information. So, this is what we have directly from the company:
  • Up to 1.5m cards records "may" have been affected;
  • The incident is contained to North America only;
  • Only Track 2 data has been taken (not Track 1 data and not customer name, address, etc.);
  • Visa removed Global Payments from a PCI compliance list;
  • The incident does not involve any merchants, ISOs or customers and occurred on some "local servers" at Global Payments;
  • Due to the ongoing federal investigation, the company can't be specific about timelines, but did confirm that "about 3 weeks ago" it discovered that some card data "may have been taken" and immediately contacted federal law enforcement agencies and the schemes;
  • Customers are "encouraged to be vigilant". Also, the company is setting up an information site for consumers which should be operational later today: http://www.2012infosecurityupdate.com/
The trading of Global Payments shares was suspended on Friday and the full impact on the company remains to be difficult to estimate at this stage. However, the executives on the call remained positive and stressed that the company:
  • Continues to process all card transactions, including Visa;
  • Is working with the schemes and other parties to address the situation; "~100 people are working on this";
  • Intends to get its ROC (Record of Compliance) back "as soon as it is humanly possible";
  • Will continue with its planned investments in other areas, but also will "spend even more on security" going forward;
  • Expects to come out stronger and more experienced as a result, and believes that their customers will recognise this.
Data breaches are unpleasant, dangerous and costly. They are also a fact of life. In our most recent payment trends report, we called retail payments security as an important focus area for 2012. As commerce environment gets more complex (online, offline, mobile, etc.) and as access points to payments proliferate, security issues are only getting more complex. What are your thoughts on how best to ensure payments security in the digital age?

Comments

  • [...] Zilvinas’ full account here Email TAGS: banking, payments, payments [...]