July 20, 2005
American Express has reportedly told payment processor CardSystems
Solutions its services are no longer needed and VISA says it is ending its
use of CardSystems as a processor and third party agent.
The defections follow a massive data breach at CardSystems that exposed millions of consumers to potential fraud and theft.
American Express confirmed to CNN that it's cutting off CardSystems in October. VISA sent a letter to eleven major banks that use CardSystems to process payments, informing them they may no longer use that firm to process VISA payments, beginning in October.
MasterCard has given CardSystems until the end of August to meet heightened security requirements.
The announcements are the direct result of Cardsystems? announcement last month that it mishandled information on as many as 40 million consumers. It reported that some of the data had fallen into the wrong hands, and it said the FBI had begun and investigation.
Of the three major credit card companies, MasterCard is CardSystems' biggest customer. After last month's announcement of the data breach, MasterCard said the compromised data included names, banks and account numbers -- not addresses or Social Security numbers -- and said such data could be used to steal funds but not identities.
MasterCard blames a single individual for the massive security breach. "(V)ulnerabilities allowed an unauthorized individual to infiltrate their network and access the cardholder data," MasterCard said.
The company said the perpetrator used "a virus-like computer script that captured customer data" but would not elaborate further. The FBI said it was investigating.
CardSystems officials said they first noticed a potential security breach on May 22 and contacted the FBI a day later. Visa, MasterCard, and other companies were notified as CardSystems brought in third-party security experts to review their systems.
