NEW YORK (Dow Jones) -- Global Payments Inc. (GPN), one of the
largest processors of Visa Inc. (V) and MasterCard Inc. (MA) card
transactions, is working around the clock to stem fallout from a
data breach that exposed as many as 1.5 million cardholder
accounts, executives said Monday.
The Atlanta-based company believes it has entirely contained an
intrusion of its processing system it discovered in early March,
which it disclosed late Friday after trading of its stock was
halted following a Wall Street Journal report naming it as the
source of a breach.
Since the incident came to light, Visa removed Global Payments
from a list of approved service providers it maintains, though the
company remains able to continue processing Visa card payments,
Global Payments Chairman and Chief Executive Paul Garcia said.
"We are working around the clock literally ... with all the card
associations to get" back in compliance, Garcia said during a
conference call with analysts.
On Sunday, Global Payments released additional information about
the breach, saying it believes less than 1.5 million accounts were
exposed. It said the accounts were limited to North America, and
cardholder names, addresses and Social Security numbers were not
obtained in the breach. However, other information, including card
numbers that can be used to create counterfeit cards was exported
from its system.
"We have a high degree of confidence in that number," Garcia
said, stressing the company will update investors if it determines
the size of the breach has changed.
The company has set up a website for consumers seeking
information about the breach at www.2012infosecurityupdate.com.
Global Payments has not quantified the total cost associated
with the breach, though it expects to record a charge once it has
determine all steps it will need to take to rectify the situation,
executives said.
Greg Smith, an analyst with Sterne Agee, said he expects
expenses stemming from the breach to be in the "tens-of-millions of
dollars."
"We do view the situation as manageable from both a financial
and competitive standpoint," Smith wrote in a research note
Monday.
News of the breach sparked new concerns over security in the
credit-card industry. The incident potentially affects cards
bearing the logos of Visa and MasterCard, as well as Discover
Financial Services (DFS) and American Express Co. (AXP), though the
card companies' systems were not breached.
Visa and MasterCard have been notifying banks about the incident
in recent days. Visa told the banks that the cards were exposed
between Jan. 21 and Feb. 25, according to a memo reviewed by The
Wall Street Journal.
Global Payments did not disclose specific details about how the
attack occurred but said it affected a "subset" of its North
American processing system. Federal law enforcement, including the
U.S. Secret Service, are investigating the incident. Total costs to
the company will also depend on steps banks must take to rectify
fraud that may occur, for which Global Payments is "absolutely" on
the hook, Garcia said.
Global Payments' shares were down 3.4% at $45.90 in recent
trading. The shares sank more than 9% to $47.50 midday Friday
before the stock was halted for the rest of the day.
The size of breach based on current estimates is relatively
small compared with prior breaches. As many as 130 million
cardholder accounts were exposed in a breach involving Heartland
Payment Systems Inc. (HPY) disclosed in 2009. CardSystems Solutions
exposed as many as 40 million accounts in 2005. Some credit-card
networks later dropped CardSystems as a processor entirely, and the
company eventually sold assets to another company.
Heartland expensed about $147.1 million in costs related to its
breach, including about $110 million for settlements with Visa and
MasterCard, according to analysts.
TJX Cos. (TJX), which disclosed a breach in 2007 that involved
40 million to 90 million card accounts, incurred $256 million in
costs, according to Sanjay Sakhrani, an analyst with Keefe,
Bruyette & Woods.
How Global Payments fares financially will depend on the nature
of the breach and what steps merchant clients and card-issuing
banks have to take in response to the incident, said Daimon
Geopfert, national leader of security and privacy consulting for
McGladrey & Pullen LLP.
"They're going to have to pay the price," Geopfert said.
"There's no way around that but it might not be a death
sentence."
Global Payments is what is known in the payments industry as a
merchant acquirer, which contracts with merchants to provide card
processing. The company is the seventh-largest merchant acquirer in
the U.S. based on the volume of Visa and MasterCard payments it
processed in 2011, according to The Nilson Report, a
payments-industry newsletter.
Visa's decision to remove Global Payments from a list of
companies that meet industry-enforced security standards known as
PCI, or Payment Card Industry, requirements does not preclude the
company from signing up new merchants, Garcia said.
However, experts say it could make merchants leery of doing
business with the company.
As of last weekend, MasterCard had not taken a similar step,
though Garcia warned it would not be "unexpected to have MasterCard
take similar action."
Analysts peppered management with questions over how its lack of
compliance with the standards could affect costs for it and its
merchant clients in the future.
"Clearly not being PCI compliant has financial liability,"
Garcia said, adding the company is still working on quantifying
total costs.
Global Payments also reported a fiscal third-quarter profit of
$57.9 million, or 73 cents per share, up 21% from $47.8 million, or
59 cents a share, from a year earlier. Cash earnings per share rose
to 83 cents from 71 cents, while analysts polled by Thomson Reuters
estimated earnings of 84 cents a share.
-By Andrew R. Johnson, Dow Jones Newswires; 212-416-3214;
andrew.r.johnson@dowjones.com
Grafico Azioni Discover Financial Servi... (NYSE:DFS)
Storico
Da Ago 2024 a Set 2024
Grafico Azioni Discover Financial Servi... (NYSE:DFS)
Storico
Da Set 2023 a Set 2024