Language Selection

English French German Italian Portuguese Spanish

Visa to Bar Transactions by Processor

Filed under
Security

Visa USA said yesterday that it would stop allowing the payment processor CardSystems Solutions to handle its transactions, months after the processor left the records of millions of cardholders at risk for fraud.

"CardSystems has not corrected, and cannot at this point correct, the failure to provide proper data security for those accounts," said Tim Murphy, Visa's senior vice president for operations in a memorandum sent to several banks. "Visa USA has decided that CardSystems should not continue to participate as an agent in the Visa system."

Cardholders and merchants should not be affected by the change.

Visa said its decision to remove CardSystems came after a review and an independent investigation found that the payment processor had improperly stored cardholder data and did not have the proper controls in place.

It is unclear if MasterCard and American Express will take similar action, but with Visa accounting for more than half of all card transactions, the move raises questions about the future of CardSystems.

"I've never heard of them booting off a processor," said Avivah Litan, a security analyst at Gartner Inc., a technology research group. "The worst thing that I've heard is a processor that had to cough up $1 million."

The move came at least two months after Visa first learned that data had been compromised and just days before its executives, along with those of other major card companies, have been called to testify in Washington about their security practices. The chief executive of CardSystems, John M. Perry, is also expected to testify on Thursday.

In a statement released yesterday, CardSystems said Visa's decision was unexpected and upsetting. "We are disappointed and very surprised that Visa has decided to take this action today, not only because of the impact that it will have on our employees, but the disruption that it will cause to our 110,000 merchant customers," the processor said in a statement. "We hope that Visa will reconsider."

Visa has given at least 11 banks, which hired CardSystems to handle the merchant transactions, until the end of October to change processors, the memo said. Until then, CardSystems will be allowed to process Visa transactions as long as it has corrected any problems and allows a Visa-affiliated monitor on site to oversee its operations in Tucson. CardSystems is also banned from handling Visa transactions from its international affiliates or any new merchants, processors or member banks in the United States.

Visa had been weighing the decision for a few weeks but as recently as mid-June said that it was working with CardSystems to correct the problem. CardSystems hired an outside security assessor this month to review its policies and practices, and it promised to make any necessary upgrades by the end of August. CardSystems, in its statement yesterday, said the company's executives had been "in almost daily contact" with Visa since the problems were discovered in May.

Visa, however, said that despite "some remediation efforts" since the incident was reported, the actions by CardSystems were not enough.

"Visa cannot overlook the significant harm the data compromise and CardSystems' failure to maintain the required security protections has had on member financial institutions and merchants as well as the significant concerns it raised for cardholders," the company said in a statement.

At this point, it is unclear what the other branded card companies will do. MasterCard has previously said that it was giving CardSystems a "limited amount of time to demonstrate compliance with MasterCard security requirements" but never laid out a specific timetable.

Sharon Gamsin, a MasterCard spokeswoman, did not return calls seeking comment. Judy Tenzer, an American Express spokeswoman, said the company did not comment about its relationships with vendors. Leslie Sutton, a Discover Financial spokeswoman, could not offer an immediate response.
Visa's decision is the latest development since the disclosure in mid-June that the CardSystems computer network had been compromised, putting the cardholder names, account numbers and security codes of as many as 40 million credit and debit cardholders at risk for fraud. The information of about 22 million Visa cardholders was exposed; MasterCard reported the data of 14 million of its cardholders was potentially at risk; and the rest largely belonged to customers of American Express and Discover.

At the time, Mr. Perry of CardSystems acknowledged that the company had been improperly storing data, violating Visa and MasterCard security rules. He said data thieves directly obtained information related to some 200,000 cardholder accounts. The F.B.I and a group of federal banking regulators are now investigating.
In its statement, Visa offered its most scathing indictment of those security violations to date. The chief executive of CardSystem had "stated that the company knowingly retained unmasked magnetic stripe cardholder data, purportedly for 'research purposes,' " Visa said. "Visa's security requirements were adopted precisely for the purpose of protecting cardholder information and guarding against the type of data compromise recently experienced by CardSystems."

In the letter Visa sent to the banks, Mr. Murphy suggested that the data breach occurred as early as August 2004.

By ERIC DASH
The New York Times.

More in Tux Machines

AndEX Puts Android Marshmallow 6.0.1 64-Bit on Your PC with GAPPS and Netflix

GNU/Linux developer Arne Exton has released a new build of his Android-x86 fork AndEX that leverages Google's Android Marshmallow 6.0.1 mobile operating system for 64-bit PCs with various updates and improvements. Read more

today's leftovers

  • Future Proof Your SysAdmin Career: Advancing with Open Source
    For today’s system administrators, the future holds tremendous promise. In this ebook, we have covered many technical skills that can be big differentiators for sysadmins looking to advance their careers. But, increasingly, open source skillsets can also open new doors. A decade ago, Red Hat CEO Jim Whitehurst predicted that open source tools and platforms would become pervasive in IT. Today, that prediction has come true, with profound implications for the employment market. Participating in open source projects -- through developing code, submitting a bug report, or contributing to documentation -- is an important way to demonstrate open source skills to hiring managers.
  • FreeType Improvements For The Adobe Engine
    With FreeType 2.8.1 having been released last week, a lot of new code landed in the early hours of today to its Git repository. The code landed includes the work done this summer by Ewald Hew for Google Summer of Code (GSoC 17) adding support for Type 1 fonts to the Adobe CFF engine. Type 1 is an older, less maintained font format.
  • Are You Fond Of HDR Photography? Try Luminance HDR Application In Ubuntu/Linux Mint
    Luminance HDR is an graphical user interface that is used for manipulation and creation of High Dynamic Range(HDR) images. It is based on Qt5 toolkit, it is cross-platform available for Linux, Windows and Mac, and released under the GNU GPL license. It provides a complete workflow for High Dynamic Range(HDR) as well as Low Dynamic Range (LDR) file formats. Prerequisite of HDR photography are several narrow-range digital images with different exposures. Luminance HDR combines these images and calculates a high-contrast image. In order to view this image on a regular computer monitor, Luminance HDR can convert it into a displayable LDR image format using a variety of methods, such as tone mapping.
  • Opera Web Browser Now Has Built-in WhatsApp and FB Messenger, Install in Ubuntu/Linux Mint
  • Enterprise open source comes of age
    In the age of digitalisation and data centre modernisation, open source has come of age. This is demonstrated by the growth that enterprise open source software provider SUSE has enjoyed over the last months. “SUSE is in good shape,” says Nils Brauckmann, CEO of SUSE. “In the last year, revenue grew at 21%, and it was profitable growth.” Business is positive going forward, he adds, with SUSE now part of the larger mothership Micro Focus group following the completion this month of the HPE Software spin merger. “Micro focus is now the seventh-largest pure-play software vendor in the world, with revenues approaching $4,5-billion,” Brauckmann points out.
  • Red Hat, Microsoft Extend Alliance to SQL Server
  • UbuCon Europe 2017
    I’ve been to many Ubuntu related events before, but what surprises me every time about UbuCons is the outstanding work by the community organising these events. Earlier this month, I was in Paris for UbuCon Europe 2017. I had quite high expectations about the event/location and the talks, especially because the French Ubuntu community is known for hosting awesome events several times a year like Ubuntu Party and Ubuntu install parties.
  •  

today's howtos

Korora 26

  • Korora 26 is Here!
  • Linux Releases: “Lightweight” Tiny Core 8.2 And “Heavyweight” Korora 26 Distros Are Here
    Korora Linux distro is a derivative of popular Fedora operating system. It ships with lots of additional packages that are provided by Fedora community and helps the users to get a complete out-of-the-box experience. The developers of Korora Linux distro have just shipped Korora 26 “Bloat.” Bloat codename has been derived from the characters of the movie “Finding Nemo.”
  • Based on Fedora 26, Korora 26 Linux Debuts with GNOME 3.24, Drops 32-Bit Support
    Korora developer Jim Dean announced the release and general availability of the Korora Linux 26 operating system for personal computers, a release based on the latest Fedora Linux version and packed full of goodies. Dubbed "Bloat," Korora Linux 26 comes more than nine months after the release of Korora 25, it's based on Red Hat's Fedora 26 Linux operating system and ships with the latest versions of popular desktop environments, including GNOME 3.24. Also included are the KDE Plasma 5.10, Xfce 4.12, Cinnamon 3.4, and MATE 1.18 desktop environments, all of them shipping pre-loaded with a brand-new backup tool designed to keep your most important files safe and secure from hackers or government agencies.