VISA has dropped Global Payments, the payment processor, from
its list of approved service providers following a data security
breach that could potentially expose credit card details of up to
1.5 million US cardholders.
Global Payments was subject to a cyber security attack into a
.portion of its processing system. which exposed card details,
although the company was at pains to stress that cardholders.
names, addresses and social security numbers were safe.
VISA has indicated that Global Payments must revalidate its
compliance processes with the Payment Card Industry Data Security
Standard (PCI DSS) before it can be assumed back on to its list of
approved service providers.
PCI DSS is a set of technical, organisational and operational
requirements imposed by the Payment Card Industry Security
Standards Council to protect cardholder data, enforced by the major
payment card brands. The standards cover all parties involved in
the payment chain process from individual merchants to
manufacturers and payment processors. If a business accepts or
processes payment cards, it must comply with PCI DSS.
In a statement, VISA said: .It is essential that every business
that handles payment card information adheres to the highest
standards to protect the security and privacy of cardholder
information and remain vigilant over time.
Global Payments have since ascertained that the attack breached
access to its systems, although it is believed the attack was
confined to its systems in North America. Global Payments said
that, as far as they were aware, there had been no fraudulent
transaction stemming from the attack but advised customers to
monitor their bills as a precaution.
The incident highlights the acute risks to all parties involved
in the payment processing chain to ensure that all cardholder data
is held securely and in compliance with the PCI DSS to mitigate the
risk of reputational damage or business interruption, such as has
happened to Global Payments. Ultimately cardholder data is only as
safe as the weakest link. The incident emphasizes the enormous
damage to reputation and commercial harm that an organisation can
suffer from a data security incident. Global Payments will now be
expending significant management time working with professional
advisors, insurers, regulators, industry players and law
enforcement agencies to minimise the fallout to cardholders.
Security commentators have already warned of a potential increase
in .spear phishing attacks. whereby affected individuals are
targeted by fraudsters with a view to being duped into handing over
further personal information.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
A US district court in New York has recently ruled that ReDigi, the operator of an online marketplace for pre-owned music downloads, is liable for copyright infringement.
In a decision earlier this month, a US district court in New York has ruled that ReDigi, the operator of an online marketplace for pre-owned music downloads, is liable for copyright infringement.
A number of publications including the Financial Times, have described how US lobbyists, many working for large technology companies such as Facebook and Google, have been seeking to curb the territorial extent of the proposed EU data protection reforms.
The English Court of Appeal has recently confirmed the commercial and legal importance of database rights and, in particular, their relevance to the sports industry.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”