SAN FRANCISCO -- Card processor Global Payments Inc. disclosed a security breach compromising the data of up to 1.5 million account numbers in North America last week, and said the breach has been "contained." Visa and MasterCard said their own systems weren't compromised.
Global Payments didn't say how the intruders accessed the data, but it did admit they "exported" the information, which is typically more serious than when hackers are only able to compromise security and view the data. The company said that criminals didn't obtain cardholder names, addresses and Social Security numbers, minimizing the risk of identity theft.
Banks said on Friday that they were monitoring accounts for suspicious activities. It wasn't known if they had seen any fraudulent transactions related to the breach or had started reissuing cards. Cardholders whose numbers were stolen will be notified by their credit card companies.
"Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained," the Global Payments said.
Despite this reassurance, however, Visa has removed Global Payment from its list of hundreds of approved processors, which act as electronic payments middlemen between merchants and banks. The move doesn't stop Global Payments from processing transactions, but could raise a red flag to potential customers considering doing business with the company, according to payments industry sources. Visa said it has asked Global Payments to submit new validation showing that it complies with industry security standards.
Visa's rival payment network has not yet removed Global Payments from its list of approved processors. MasterCard Inc. said it was awaiting the results of an investigation into the breach by an external independent forensics firm to determine the appropriate actions.
Global Payments reportedly processes approximately five billion transactions a year and serves more than 1.5 million merchant locations through its electronic information network.