by Constantine von Hoffman

Global Payments: “Only” 1.5M Credit-Card Numbers Stolen

Apr 02, 20122 mins
CybercrimeData and Information SecurityData Breach

Global Payments claims hackers didn't get very much personal information on credit card owners from a recent, high-profile data breach--"only" 1.5 million cards were compromised, it says. The problem: Visa and MasterCard disagree.


Global Payments announced yesterday that it had “contained” an incident in which fewer than 1.5 million credit card numbers were hacked. And that’s actually good news. Sort of.

When Visa and MasterCard first alerted banks to the incident on Friday, the number 10 million was being thrown around.

Global Payments’ announcement was a lesson in how to downplay a disaster, which it officially called an “Unauthorized System Access.” From Global Payments:

The affected portion of its processing system is confined to North America and less than 1,500,000 card numbers may have been exported…Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained.

As Brian Krebs, who writes the great blog Krebs on Security, noted, Global Payments’ account of the incident may not sync up very well with Visa and MasterCard’s Friday warnings. (Krebs’ broke the story, by the way. Did I mention he writes a great blog?) Global Payments says hackers didn’t get cardholder names, addresses or social security numbers. However, the credit card companies say they did.

When Global Payments first announced the breach on Friday the statement included this wonderful line: “It is reassuring that our security processes detected an intrusion.” Reassuring to whom?

Visa clearly did not find it very reassuring. The Wall Street Journal reports that over the weekend Visa removed Global Payments from a list of hundreds of companies that it considers to be “compliant service providers.” These are companies which act as middlemen between merchants and banks in the world of electronic payments.

The Journal also did its own nice job of understatement:

The move by Visa, which is rare in the industry, essentially serves as a warning to merchants that Global Payments, which processes credit-, debit- and gift-card transactions, no longer meets Visa’s standards for security.

In other words, Visa kicked Global Payments to the curb and put a giant sign on the company saying, “STAY AWAY.” From Friday to mid-morning Monday Global Payments’ stock fell 13 percent. That, too, may be relative good news compared how far that stock falls in the future.