We may earn money when you click our links. Learn More. X

Global Payments Security Breach

Credit card with lock on keyboardEarlier this spring, Visa and MasterCard announced that a breach in security of information concerning credit cards and credit card holders had taken place. They detailed the breach as having taken place between January 21 and February 25 of 2012. Banks were warned about the activity as it could potentially have an impact on existing cardholders.

A wave of panic swept through anyone who held a Visa or MasterCard. Some people cancelled their cards while others just relied on the banks that held the cards to do damage control and make sure that if their information wasn’t safe, they were at least insured and not liable for any fraudulent transactions.

As the logic of cause and effect set in, it was assumed that security concerning identification and financial information within these companies and others like them would be tightened up. Given the data that these companies have and the ability to discover that there ever was a breach at all, it was largely assumed that this data would be used to develop more secure methods of processing and holding information. The public assumed incorrectly and once again, a new breach occurred.

Global Payments Security Breach

Global Payments Inc. discovered a data breach in early March of 2012, after the news about the breach in Visa and MasterCard had been announced and presumably, contained. However, Global Payments Inc. seeks to correlate the two events so that they seem to be one. The numbers just don’t match up for the event to be one solitary incident.

Are The Two Incidents Connected?

If the two issues are connected, then it stands to reason there may be more data leaks in existence that simply have not been discovered yet. When it comes to Global Payments Inc., the information that was breached had to do with merchant processing. When cardholders try to use their credit cards to pay for items they are trying to purchase, Global Payments Inc. receives that information. Apparently, so did an unknown third party.

What Was Compromised?

While Global Payments Inc. insists that the incident is contained and that the only information the suspects had access to were credit card numbers, there is still some speculation that information such as addresses, names and driver’s license numbers were also at risk. Global Payments discovered that a database that stores merchant’s private information appeared to be breached.

If personal identifying information was exposed during this data breach, cardholders everywhere are at the mercy of those who have that information. It is possible with this information to apply for more lines of credit in the way of loans and credit cards. Since many of these applications are now processed online, there is no longer the security about having to appear in person to apply for these lines of credit.

The most hopeful scenario is that only the credit card numbers were taken. This information still leaves consumers open to the possibility of credit card fraud. And while some companies require the three security numbers found on the back of the card before they process any orders, not all do. For those who do not require this information, it is very easy to order items just by using the credit card number.

The disturbing part of this entire scenario is that Global Payments Inc. is trying so hard to present this breach as being one in the same as the breach with Visa and MasterCard. However, the two incidents happened in entirely different time frames, so they are either separate incidents or the entire breach is much larger and better coordinated than anyone had originally suspected. Naturally, Global Payments Inc. is limited in how much they can reveal at this point since the investigation is ongoing. They are unwilling to present information that could assist those who are involved in the breach.

Consumer Action

For now, there is not much that consumers can do about the situation in the way of damage control other than keeping an eye on each card they have. Consumers might also cancel current cards and ask for replacement ones so that they get new numbers to replace the ones that may have been involved in the incident.

While you can’t stop things like this from happening when the issue is within a company and not from your own actions, there is a lot you can to make sure that you aren’t putting yourself at risk through your own shopping and bill payment methods.

If you pay your bills online, be sure to clean your cookies and browsing history after the payment was made. You should also make sure that the site you make your payments on is a secure one. It is always a good idea to change you pin number occasionally, just like you should change your password on various sites occasionally.

When you shop using your credit card at an actual store, be smart about how you make your payment. Turn your body so the numbers on the card are not visible to the person behind you. If need be, cover the pad with your hand while typing in your pin number. One easy way to avoid allowing people to see the numbers on your card or your pin number as you put it in is to make sure to keep your shopping cart behind you rather than in front of you. This limits the ability for the person behind you to see small details such as credit card number or a pin number as you put it in the system.

Make sure your bank or cardholder is working for you. If they do not have a fraud protection system in place that protects you and your funds in the case of credit card theft or fraud, they are not a company worth banking with. It is also a good idea to purchase fraud protection insurance if you can.

Visa’s Response To The Global Payments Security Breach

Updated on August 20, 2012

On Friday, March 30, 2012, Global Payments, a little-known card payment processing company based in Atlanta, Georgia, confirmed a potential security breach that industry insiders suspected could have affected potentially hundreds of thousands of customers who pay with Visa or Mastercard. By April 1, 2012, the number of affected individuals was up to one and a half million or even more. Investigators were furiously trying to uncover exactly what information had been accessed when Global

Payments’ systems were viewed without authorization. The U.S. government, and the public, were demanding ways to make credit card payments more secure, as well as that action be taken to keep card users safe. Meanwhile, a team of experts worked overtime at Global Payments to both contain the breach and find the root causes, while Visa and Mastercard sought ways to save their own solid company reputations in the wake of the security breach.

Companies Strategize On How To Cope With The Breach

Krebs On Security blog was the first to break the story to the public on Friday morning, with blogger Brian Krebs alarming the public that as many as ten million people could have been affected. Immediately following, Bank of America Corp., J.P. Morgan Chase and Co., and Discover Financial Services all had administrative staff working the case and determining when to reissue bank cards and how many reissues would be necessary.

Global Payments provides the processing center link between the banks themselves and retailers who wish to accept payments via bank cards. The initial size of the breach was suspected on the blog and in the media to be smaller because of the relatively small size of the breach, even though as a payment processing center, Global Payments does have access to vast amounts of sensitive customer financial information.

Banks issuing the cards struggled through larger security breaches that occurred in the past several years before this, and were keenly aware of the level of administrative costs that cleanup might incur. Card reissues, for instance, are oftentimes a larger administrative cost than the actual fraud itself. Both Visa and Mastercard knew they would also need to take action, to save face with the public as well as ensure that secure processing centers were being used for accepting payments. Each of those two companies were quick to confirm, however, that their own security systems had not been breached.

Visa Punishes Global Payments

Visa and Mastercard both sought to rectify the security situation, issuing non-public alerts about Global Payments’ security breach to their network of banks and monitoring the card processors’ efforts at hiring an independent investigator to look into the issue. Visa took the next step in making customers aware that Global Payments let them down: Visa removed the company from its list of approved service providers.

Although the move does not mean that merchants are barred from using Global Payments to process Visa card purchases, it had a major negative impact on the company’s public image. The removal also brought further publicity to the issue, and forced Global Payments to fully assure that they were in compliance with Visa’s policies. In a show of good faith, Visa did apply Global Payments to re-apply for approved vendor status when they could provide proof that they were in full compliance with the rules.

During The Independent Investigation

Paul R. Garcia, Chairman and CEO of Global Payments, issued a formal apology to the public about the breach and informed everyone of the independent investigation team that had been hired. Payment processing services, he said, would not be interrupted.

The services thus were continued despite the revoke of approval by Visa. Mastercard did not opt to interrupt services with Global Payments, stating instead that they would await further information and review the evidence of the investigation. All potentially affected customers were notified in writing that they may have been the victim of the security breach, and customers were then offered monitoring services and identity protection insurance free of charge, all provided by Global Payments and affiliates.

These measures were meant to put customers’ minds at as much ease as possible, yet keep them apprised of the situation at hand. Visa experienced a technical difficulty shortly after the breach, leaving debit and credit card users unable to make transactions for about forty-five minutes; the technical problem was quickly acknowledged to the press but confirmed to be unrelated to the security breach itself despite time coincidence.

The Aftermath Of The Security Breach

Global Payments made the announcement at the end of the day and took other measures to prevent a complete plummet of its stock prices, including halting trades early. Despite stock prices sharply dropping, some experts still speculated that the payment processing company would recover from the incident. During the second week of June, 2012, the company confirmed that the breach was contained, and made a statement regarding the extensive progress that had been made by its independent investigation team.

The information in the leak was most likely limited to card numbers and expiration dates, or what the investigators called ‘Track 2’ data. Beyond this, it was not clear to the team whether or not other pieces of personal information such as names, addresses, birth dates, and so forth, had been accessed or viewed by the hackers.

All potential victims have their credit histories flagged for seven years, the main advantage of this being that they will receive a phone call from a grantor if someone attempts to open an account in their name.

The Effect On Global Payments

Reports by the end of July, 2012 indicated that quarterly profits had plummeted ninety percent. Despite the fact that the 1.5 million potentially affected cardholders was a relatively low number considering the much larger size and scope of other recent security breaches, the total cost to Global Payments was officially listed as $84.4 million before tax. Company revenue, however, continues to grow at relatively strong rates, and the company continues normal operation and expansion despite the setback.

Was this article helpful?

Thank you for your feedback!

Tell us how we can make your experience better next time.

6 responses to “Global Payments Security Breach”

  1. This is exactly the kind of thing that really freaks me out. Now there are all these questions about what information was really compromised and how many other times something like this happens and they don't tell anyone. It seems like it is pretty much impossible to trust anyone any more. The world has become a scary place and the more virtual it gets, the more we need to be on our guard.

    You know, there really are still people who don't get on the Internet every day. They don't even know what a virtual life is, so they really don't know how to protect themselves from thee kinds of fraud. You don't have to be online for your personal information to be there. But if you aren't you are not getting information like this and you probably have no idea how to protect yourself from the many kinds of fraud that exist now.

    Other than that, people need to stop being so trusting with their information. We all tend to assume that it is safe and secure, never suspecting that a swipe of a credit card while getting gas or something could end our entire financial world.

  2. The security breach suffered by Global Payments seems to have everyone talking and considering new ideas and ways to combat fraud and improve data security. It seems that the hackers or thieves were relatively small potatoes, although that alone may be even more troubling that they were able to break into the system.

    As a third party middle man in the chain of data processing Global Payments came between the customer and Visa/MasterCard. Of course, Visa and MasterCard acted promptly to get a handle on the situation. Within a very short period of time, Visa also dropped Global Payments from their network of compliant secure processors.

    One of the most important effects of this breach is that now a lot of businesses are talking about ways to improve their own security efforts. It seems that no one wants to be the next GP. This is a good thing. Of course, many companies had already known that upgrades to their security efforts were going to be needed, but it is great to see them getting off to a fast start.

  3. I can't help but cringe when I see information like this. As someone who has several credit cards, it can be frustrating to learn that your information may have been compromised, but there's nothing you can really do about it. I sometimes think that companies do not take security seriously and honestly, I feel they should be held responsible for their negligence.

    It's not just credit card companies who are being negligent with customers information either. As a freelance writer I was horribly disappointed that Yahoo had allowed my information to be compromised. When one of their servers was recently hacked, I was a victim whose information had been stolen. I immediately changed passwords with a number of companies and was lucky to not be affected, but knew many that suffered terribly from Yahoo's negligence.

     Whether it's a credit card company or a website, security should be a priority with any company that collects personal information that could be used for fraudulent purposes. Unfortunately, many companies are more interested in profit than security. Unless companies change their ways, or the government forces them to, I suspect that we will see many more instances like these.

  4. Global Payments has now joined the list of companies which have suffered serious breaches of their databases. Many of the incidents have involved exposing a huge amount of customer data and information. Of course, the companies very rarely seem wiling to admit about exactly what type of information was exposed and who should consider themselves at risk.

    All of this begs the question about how we can really protect ourselves from future incidents. The problem is that there will be future incidents somewhere; this is simply not avoidable.

    I suppose that we could all become much more suspicious about what companies we trust with our personal information. Instead of just quietly providing our social security numbers, ask why that is needed. If there is not a valid reason, provide an alternate number or means of identification. In many cases, there is simply no legal basis for a business to have your social security number. Try asking the question why. This alone should start to get some of your personal data more difficult for thieves and hackers to obtain. Also, be more careful about where you use credit cards.

  5. As most people are probably well aware of, there have been a number of credit card breaches in recent years. This includes even Visa and Mastercard themselves, along with a number of other companies such as Global Payments. This article simply asks the question of whether or not all of these incidents could be connected.

    I have to wonder, along with the author, about what is really going on here. I also wonder whether or not any of these companies have really been totally honest with the public about what exactly these breaches constituted. Do we simply believe that it was ‘just’ credit card numbers which were compromised? What about more sensitive personally identifiable information?

    An even better question is what we can do about all this. As the author correctly points out, not there is not much that can be done right now. The best we can do is remaining vigilant and closely monitor ALL of our accounts for any signs of unusual or suspicious activity. Of course, if we see anything, it should be immediately reported to our bank.

  6. To me, this information was pretty scary. The fact that this could even happen is something I have worried about ever since things started going more and more away from cash transactions. Security is something that you don't want to have to worry about when it comes to other people having access to your money, or even just your private information. So, I think it is bad enough that the company allowed this to happen, but then they are trying to cover it up and are just now announcing that there was a security issue? That probably was not the best choice to make when you are a company whose business is pretty much to develop trust in others so you can profit from their transactions.

    The only good I can see coming out of this is that people might start to get serious about protecting their personal information. Even if you do all you can to protect it, there is still the potential for something like this to happen, but you don't have to make it eay for them.

Leave a Reply

Back to Top

We use cookies to enhance your website experience. By continuing to use our site you agree to the use of cookies in accordance with our policy. Click for more information to find out what cookies we use, what they do and how you can disable them.