UK: Theft Of 1.5m Cardholder Records Puts Global Payments On VISA's Black List

VISA has dropped Global Payments, the payment processor, from its list of approved service providers following a data security breach that could potentially expose credit card details of up to 1.5 million US cardholders.

Global Payments was subject to a cyber security attack into a .portion of its processing system. which exposed card details, although the company was at pains to stress that cardholders. names, addresses and social security numbers were safe.

VISA has indicated that Global Payments must revalidate its compliance processes with the Payment Card Industry Data Security Standard (PCI DSS) before it can be assumed back on to its list of approved service providers.

PCI DSS is a set of technical, organisational and operational requirements imposed by the Payment Card Industry Security Standards Council to protect cardholder data, enforced by the major payment card brands. The standards cover all parties involved in the payment chain process from individual merchants to manufacturers and payment processors. If a business accepts or processes payment cards, it must comply with PCI DSS.

In a statement, VISA said: .It is essential that every business that handles payment card information adheres to the highest standards to protect the security and privacy of cardholder information and remain vigilant over time.

Global Payments have since ascertained that the attack breached access to its systems, although it is believed the attack was confined to its systems in North America. Global Payments said that, as far as they were aware, there had been no fraudulent transaction stemming from the attack but advised customers to monitor their bills as a precaution.

The incident highlights the acute risks to all parties involved in the payment processing chain to ensure that all cardholder data is held securely and in compliance with the PCI DSS to mitigate the risk of reputational damage or business interruption, such as has happened to Global Payments. Ultimately cardholder data is only as safe as the weakest link. The incident emphasizes the enormous damage to reputation and commercial harm that an organisation can suffer from a data security incident. Global Payments will now be expending significant management time working with professional advisors, insurers, regulators, industry players and law enforcement agencies to minimise the fallout to cardholders. Security commentators have already warned of a potential increase in .spear phishing attacks. whereby affected individuals are targeted by fraudsters with a view to being duped into handing over further personal information.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.