Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Visa drops Global Payments from compliant list
ATLANTA (4/3/12)--Atlanta-based Global Payments  Inc. has been removed from Visa's "compliant service providers" list after revealing Friday that part of its third-party card processing system had been breached. However, Global says it has "contained" the breach to less than 1.5 million debit and credit cards.

"The company believes that the affected portion of its processing system is confined to North America and less than 1.5 million card numbers may have been exported," Global Payments said in  a press release Sunday.

The investigation so far has revealed that Track 2 data may have been stolen.  Track 1 and Track 2 data include names, card numbers and validation codes. Global said that cardholder names, addresses and Social Security numbers were not obtained by the criminals who hacked the system.

The breach has prompted a number of alerts from companies serving credit unions, as well as from credit unions themselves.  CUNA Mutual Group issued a risk alert Friday with tips for its bond policyholders. (Use the link).

The Members Group (TMG), a Des Moines, Iowa-based card processing and payment solutions for credit unions, is warning credit unions to be on high alert for credit card fraud stemming from the breach. It is assisting its card-issuing credit union clients with implementing defensive strategies to minimize the impact of card fraud resulting from the breach.

"The best prevention strategies will be different for every issuer and will depend greatly on where and how the fraudulent activity occurs," said Karen Postma, cards risk senior manager at TMG.  For some credit unions reissuing the card may be the best approach to minimizing losses. For others, tighter rule-setting and diligent monitoring will be sufficient, she said.

She explained that fraudsters typically test several different bank identification numbers (BINs) before settling on the one or two that are most profitable. The TMG fraud department is monitoring card activity closely to identify which BINs are most likely to be impacted.

Postma, who advised credit union card issuers through the 2008 Heartland Payments System data compromise, said it's too early to predict the fallout from this particular breach. "We plan to be in close communication with each of our card-issuing clients for the next several months as the investigation into the breach continues," she said.

"Credit unions should absolutely be proactive, however, monitoring their portfolios very closely to understand whether and to what extent they are being affected. If they determine they are being hit with high levels of fraudulent activity, more aggressive measures are likely necessary," Postma said.

Corinne Sherman, senior vice president, fee services for the Pennsylvania Credit Union Association advised credit unions to "pay close attention to information received from your card processor" (Life is a Highway April 2).

"This is very unfortunate and it could be very costly," said Sherman. "If a credit union has any concerns about cards at risk, it is best to err on the side of caution and reissue cards to protect members and its card program."

Credit unions are already reporting some fraudulent charges.  For example, during the last six days of March, Hermiston, Ore., police said they had received at least six reports of fraudulent charges made on credit cards issued by America's Best Community FCU, a $5 million asset credit union based in Hermiston (OPB News March 31).  Although the credit union's system wasn't compromised and members' accounts were safe, the nationwide implications of the Global Payments breach hit home for those members.  One couple charged $60 during the weekend on their card to see it turned into a $480 charge for purchases from a store in Kenosha, Wis. Another member reported $561 in fraudulent charges

Global Payments was working with industry third parties, regulators and law enforcement agencies to minimize potential cardholder impact, it said, adding it "has engaged multiple information security and forensics firms to investigate and address this issue."

"We are making rapid progress toward bringing this issue to a close. Our nearly 4,000 employees around the world are focused on providing exceptional service. We are open for business and continue to process transactions for all of the card brands," said Chairman/CEO Paul R. Garcia.

According to The Wall Street Journal (March 30), the cards were exposed between Jan. 21 and Feb. 25. The total cost of the breach is still being tallied. The company set up a website for consumers seeking information (use the link).

Athough Visa has removed the company from its list of providers, Global continues to process Visa and other branch cards and expects to be reinstated once the compliance issues with  card company standards are corrected.

Visa and MasterCard systems were not breached.  Also, Global made it clear Friday that the breach was not related to merchant/customer relationships.
Other Resources


News Now LiveWire
.@LACULeague in @DailyComet: #creditunions' "old" benefits attractive to new generation
16 hours ago
At @FTC request, court halts operations of an alleged debt-relief scammer calling itself “FTC Credit Solutions.”
21 hours ago
.@daytondailynews : The secret is out about #creditunions @DayAirCU @CODECreditUnion
21 hours ago
.@CUNA's @Nussle on @SenatorReid :(2of2)On behalf of more than 102M #CU members,I thank him 4 his leadership over the yrs/wish him the best.
23 hours ago
.@CUNA CEO Nussle on Sen. Reid’s decision not 2 seek re-election (1of2): Sen. Reid has a long history of #CU support throughout his career.
23 hours ago