Auto Focus

Global Payments Data Breach: What We Know

On Friday, Global Payments announced a breach of its processing system and that as many as 1.5 million card numbers may have been stolen. Over the weekend, Visa removed Global Payments from its PCI compliance list. What does that mean to you?

April 4, 2012

SHARING TOOLS        | Print Subscribe

On Friday, March 30, credit card transaction processor Global Payments announced it had identified a breach of its processing system and that as many as 1.5 million card numbers may have been stolen. Visa has subsequently removed Global Payments from its PCI (Payment Card Industry) compliance list.

For car rental operators or any merchant using Global Payments’ services, this is cause for concern. Here is what we know culled from statements made by CEO Paul Garcia in a conference call with investors Monday morning, statements disseminated by Global Payments on its website, calls with Global Payments representatives and statements from Visa.

On the conference call, Garcia said that the theft was confined to North America and that cardholder names, addresses, social security numbers or consumer banking information were not obtained by the criminals. The attack was confined to a few North American servers. It is important to note that the potential 1.5 million card numbers are a mere fraction of the millions of accounts processed through Global Payments.

ADVERTISEMENT

News reports surfaced that fraudulent activity had been linked to some of those accounts. Those news reports have been discredited. No fraudulent activity has been reported on those accounts, according to Global Payments.

Most importantly for car rental companies, no merchant accounts have been affected. Global Payments continues to process Visa transactions in the same manner. A Visa spokesperson confirmed this.

“I cannot stress more vehemently that this does not involve our merchants, our sales partners or their relationships with their customers,” Garcia said on the call. “Neither merchant systems nor point-of-sale devices were involved in any way.”

Car rental companies and other merchants do not have a responsibility to notify clients of this breach. In general, the merchant has no liability in this matter.

Questions arose whether removal from Visa’s PCI compliance list would expose merchants to possible chargebacks or other costs. Those procedures haven’t changed. A Visa spokesperson reiterated that point-of-sale merchants are generally not held liable for fraudulent transactions provided they follow proper procedure. The incident has no impact on transaction processing or normal chargeback processes.

Garcia said Global Payments has the situation contained. When will Visa reinstate Global Payments on its PCI compliance list? No one can say, but the timeline is dependent on finishing the investigation. Regardless, Garcia said he expects the company will be reinstated once it has been issued a new report of compliance.

On questioning during the conference call, Garcia was asked if the company will step up R&D or system spending as a result. “Are we going to spend even more amount of money, quite frankly, on security?” responded Garcia. “The answer is yes.”

For updates on the data breach, visit www.2012infosecurityupdate.com.

Comment On This Story

Name:  
Email: (Email will not be displayed.)  
Comment: (Maximum 2000 characters)  
Leave this field empty:
* Please note that every comment is moderated.

Author Bio

Chris Brown

Executive Editor

Chris is the executive editor of Business Fleet Magazine and Auto Rental News. He covers all aspects of the fleet world.

Sponsored by

Newsletter

We offer e-newsletters that deliver targeted news and information for the entire fleet industry.



GotQuestions?

LUBRICANTS

The expert, Mark Betner from Citgo will answer your questions
Ask a question

Sponsored by

Magazine