Credit card transaction processor CardSystems Solutions Inc. and successor Solidus Networks Inc., doing business as Pay by Touch Solutions, agreed to implement an information security program and undergo audits in a proposed settlement announced by the Federal Trade Commission yesterday.
Pay by Touch acquired CardSystems' assets in December and now processes transactions for the merchants CardSystems served.
The settlement results from a June announcement by CardSystems Solutions, which claims to process $15 billion in Visa, MasterCard, American Express and Discover transactions annually, that it had discovered a possible security breach May 22 and had contacted the FBI and the Visa and MasterCard card associations.
At the time, credit card companies claimed that unauthorized storage of credit and debit card transaction data allowed the security breach at the third-party credit and debit card processing firm, potentially exposing 40 million cardholders to risk.
In its complaint against CardSystems Solutions, the FTC alleged that the company created unnecessary risks to the data by storing it and failed to take several measures to prevent and detect data breaches. The complaint also alleged that the company's practices led to millions of dollars in fraudulent purchases, thousands of re-issued credit cards and consumer worry and time loss.
The proposed settlement requires CardSystems and Pay by Touch to install administrative, technical and physical safeguards and submit to a security audit by an independent, third-party professional. The agreement is subject to public comment for 30 days, ending March 27, after which the FTC will decide whether to make it final.
Kristen Bremner covers list news, insert media, privacy and fundraising for DM News and DMNews.com. To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting www.dmnews.com/newsletters