Troubles Multiply for Global Payments

By Erika Morphy E-Commerce Times ECT News Network
Apr 3, 2012 9:21 AM PT

Visa has dropped Global Payments from the list of companies that it deems compliant with its security policies following news that the third-party vendor experienced a security breach that could have compromised some 1.5 million Visa and MasterCard accounts.

The breach first came to light at the end of last week, and Global Payments has since admitted it was the source. The company has taken a number of steps to enlighten the public, including the establishment of a dedicated Web page for cardholders and vendors.

The incident took place early in March, according to Global Payments. The company provided little detail about how it happened or its impact, but did say it had been contained.

Global Payments declined to provide further details. Visa did not respond to our request to comment for this story.

How It Happened

While all the parties are zip-lipped about the data theft, there's plenty of buzz about how it may have occurred.

One rumor blames members of a New York-based Latin American gang. They may have guessed the answers to some knowledge-based authentication (KBA) questions, enabling them to crack passwords, security consultant Robert Siciliano told the E-Commerce Times.

A Doozy of a Breach

How it happened, though, is immaterial to cardholders and merchants that might be defrauded. Clearly this security breach was a doozy, said Christopher Ciabarra, CTO with Revel Systems.

"This is a big deal and turning into a bigger one with Visa's decision to drop the company," he told the E-Commerce Times.

It is understandable that Visa dropped Global Payments, Tim Keanini, CTO for nCircle, told the E-Commerce Times.

"Cleaning up after a breach that includes 1.5 million cards will require an enormous mop and a whole lot of elbow grease," he said.

MasterCard will probably follow suit within a few days, Keanini predicted.

What Can Cardholders Do?

There is no way a consumer can tell whether any given card transaction was processed by Global Payments. However, its size suggests it's more than likely that most card-using consumers have been touched by the vendor at some point.

One basic security measure consumers can take, according to Keanini, is to set up an alert for transactions greater than US$50 to allow verification. Another option is to have a new card issued.

MasterCard and Visa are contacting the banks that issued the credit cards that were impacted and automatically replacing cards known to be compromised, noted Chet Wisniewski, senior security advisor at Sophos.

"It is a good practice to review all transactions on your statement each month, regardless of whether you think your card has been involved in a data breach," he told the E-Commerce Times.

Still, such advice doesn't take into account the possibility of identity theft down the road, noted Peter J. Toren, attorney with Weisbrod Matteis & Copley.

"While this seems unlikely given the type of information stolen, it is possible that the hackers can use this information to gain access to other types of information, or combine it with publicly available information that could be used in identity thefts," he told the E-Commerce Times.

Customer Backlash

Also, no matter how responsive and accommodating MasterCard and Visa will be in the coming days, they will almost certainly experience a backlash from irate customers, Toren continued.

"I don't think that most credit card users appreciate that much of the information they provide to Visa/MasterCard is not managed by these companies but is managed by third-party vendors," he said.
