AmEx, Visa Cut Ties With Processor
Visa USA Inc. and American Express Co. are cutting ties with the payment-processing company that left 40 million credit and debit card accounts vulnerable to hackers in one of the biggest breaches of consumer data security.
CardSystems Solutions Inc. “has not corrected and cannot at this point correct the failure to provide proper data security for Visa accounts,” said Rosetta Jones, a vice president at Foster City, Calif.-based Visa.
She said banks that issue Visa cards would have until Oct. 31 to replace CardSystems with one of the hundreds of other payment-process firms in the U.S.
American Express also notified CardSystems that it would sever their relationship as of October, said Judy Tenzer, a spokeswoman for the card issuer. CardSystems was a small part of American Express’ network, handling fewer than 0.5% of its transactions, she said.
Atlanta-based CardSystems released a statement saying it was “disappointed and very surprised” and hoped that Visa would reconsider. The company did not address American Express’ decision.
CardSystems told the FBI that it learned of a potential breach of its computer network May 22, and the break-in was publicly disclosed last month. The agency has not disclosed any details of the investigation.
Although information relating to 40 million accounts was laid bare in the break-in, credit card companies have said at least 200,000 were known to have been stolen, primarily MasterCard and Visa cards.
Visa said that although CardSystems had taken some remediating actions since the breach was disclosed, those could not overcome the fact that it was inappropriately holding on to account information -- purportedly for research purposes -- when the breach occurred, in violation of Visa’s security rules.
MasterCard International Inc. is taking a different tack with CardSystems. The credit card company expects CardSystems to develop a plan for improving its security by Aug. 31, “and as of today, we are not aware of any deficiencies in its systems that are incapable of being remediated,” spokeswoman Sharon Gamsin said.
“However, if CardSystems cannot demonstrate that they are in compliance by that date, their ability to provide services to MasterCard members will be at risk,” she said.
A spokeswoman for Discover Financial Services Inc., which also works with CardSystems, declined to comment.
