Global Payments’ Data Breach, an update

Data Breach at Global Payments

Another data breach has occurred recently involving credit card processor Global Payments.  Global Payments is the intermediary between merchants and card processors. Approximately 1.5 million Visa and MasterCard accounts were hacked.  The time frame has not been confirmed, it could have been between January 21 and February 25, 2012 and for about 13 months.  It wasn’t detected until in early March and wasn’t announced publically until March 30.

MasterCard, Visa, American Express and Discover Financial Services were all affected by this breach. Visa dropped Global Payments from its list of approved service providers.  According to Global Payments, sensitive personal information including the name, address and SSN have not been compromised.  The information stolen which was the card’s expiration date and the account number could be used to create counterfeit cards.

There has been much discussion on data breaches and the time lag before victims are informed of it.  The companies are more concerned about their reputation than the impact on consumers. Unfortunately, they don’t have to report the breach publicly if card holders’ names and other pieces of personally identifying information are not exposed.

Bill proposed

Because of this breach, Representative Mary Bono Mack called on her House colleagues to pass her data-protection bill, the Secure and Fortify Electronic (SAFE) Data Act, which would require security policies and procedures to protect data containing personal information, and provides for nationwide notice in the event of a security breach. “Consumers have a right to know when their personal information has been compromised, and companies and other organizations have an overriding responsibility to promptly alert them,” said the California Republican.

Card issuers have supported bills that would require the companies that have been hacked to immediately notify the affected parties, and to also pay the costs to resolve it, such as card replacements and fraud restitution.  Currently, the card issuers have to bear the cost of the breach.  The companies beached have not supported the bills, because they don’t want to incur the costs or the harm their reputation,

It is doubtful that cyber security bills will pass in Congress this year but it is getting attention. If a member of Congress becomes a victim, you would see a big push for the bill.

Credit Expert Witness, John Ulzheimer, is the President of Consumer Education at SmartCredit.com, the credit blogger for Mint.com, and a Contributor for the National Foundation for Credit Counseling.  He is an expert on credit reporting, credit scoring and identity theft. Formerly of FICO, Equifax and Credit.com, John is the only recognized credit expert who actually comes from the credit industry.  Follow him on Twitter here.

Categorised in: Credit Cards, Credit Monitoring, Credit Report, Credit Score, Identity Theft, Money & Identity

This post was written by John Ulzheimer