Cutoff by Visa May Force Processor Out of Business

U.S. payment processing firm CardSystems Solutions Inc. said Thursday that it faced “imminent extinction” after revealing last month a massive credit card data security breach.

The privately held payment processor for more than 100,000 merchants disclosed that details of 40 million cards -- names, account numbers and expiration dates -- had been exposed to possible misuse. The FBI is investigating.

CardSystems said at a congressional hearing into the matter that it knew of the removal from its databases of information about 239,000 credit card accounts.

Credit card giant Visa USA said this week that it was cutting off CardSystems as a Visa network participant because of the data breach, the largest ever of its kind.

“With that staring us in the face, it certainly means we would go out of business because if you can’t process with a major brand such as Visa, you can’t process at all,” CardSystems Chief Executive John Perry said during a break in the hearing.

Perry said Tucson-based CardSystems “did the right thing” by reporting the data breach as soon as it became apparent.

Visa said it terminated CardSystems after discovering that the processor had improperly stored certain customer information in its databases in violation of a previous security agreement -- an action that Visa said it “cannot overlook.”

“We were in error by keeping that data,” Perry said at the hearing when asked about the matter by a lawmaker.

The CardSystems data breach has drawn increased attention to the issue of credit card security.

At least nine bills are circulating in Congress, including three in the House Financial Services Committee, which held the hearing.