Visa has removed Global Payments from its Payment Card Industry (PCI) compliance list after last week’s security violation involving 1.5 million cardholders, confirmed Paul Garcia, Global Payments’ chairman and CEO, during a conference call today.
“It was not unexpected,” Garcia said of the company’s removal from the list by Visa.
The PCI Security Standards Council (PCI SSC) is the organization that creates security standards for the industry, said Laura Johnson, a communications manager for PCI SSC. However, each credit card company uses the council’s standards to create their individual security standards programs.
The CEO said the incident has been contained to North America and Global Payments continues to provide uninterrupted service to customers around the world. Garcia said “major brands” of credit cards were compromised in the incident, which could mean the incident involves brands beyond Visa and MasterCard, the only two card companies originally named in the breach.
He added that the company is working around the clock to remedy the situation in order to get PCI compliance reinstated, but was unable to give a specific timeframe.
“It will be more than a few days, but less than a few months,” the CEO said. “We have every expectation that it will happen as expeditious as possible.”
Garcia also said the ongoing investigation revealed that the data information that is believed to have been stolen does not include cardholder names, addresses and social security numbers.
“We are not aware of any fraudulent transactions on the accounts stolen,” Garcia said.
Garcia also emphasized that the security breach happened because thieves compromised Global Payment’s servers, and not because of its merchant partners or independent sales organizations (ISOs).
The CEO said the company became aware of the situation approximately three weeks ago and within hours reported the incident immediately to the federal law enforcement and card associations.
Last week Direct Marketing News reported that MasterCard and Visa had alerted card holders through Twitter feeds of the security violation. The incident was first reported by Brian Krebs on his blog Krebs on Security.
Global Payments, a Fortune 1000 company, provides electronic transaction processing services for merchants, ISOs, financial institutions, government agencies and multi-national corporations in the North America, Canada, Europe and Asia-Pacific region.