Visa, Amex Cut Ties With CardSystems Due to Breach

Visa U.S.A. Inc. and American Express Co. are terminating their contracts with a credit card transaction-processing company that was hit by hacker attacks that exposed 40 million card numbers to online intruders.

In separate announcements last week, Visa and Amex said they are ending their relationships with CardSystems Solutions Inc. in Atlanta because the company didn't meet its contractual requirements in providing credit card processing services for merchants.

After Oct. 31, Visa and Amex will no longer allow CardSystems to process their transactions. Meanwhile, rival MasterCard International Inc. said it will continue to work with CardSystems if it develops a detailed plan by Aug. 31 to adequately improve security procedures.

MasterCard last month disclosed that CardSystems' systems were breached. Credit cards issued by all three companies were affected by the breach .

Rosetta Jones, a spokeswoman for San Francisco-based Visa, said in a statement that her firm's action comes "after an internal and forensics review of its processing practices demonstrated that -- in violation of Visa's rules -- [CardSystems] did not have the appropriate controls in place to protect cardholder information."

Though the statement acknowledged that CardSystems has worked to fix problems that led to the breach, it also said, "CardSystems has not corrected, and cannot at this point correct, the failure to provide proper data security for Visa accounts."

According to Jones, CardSystems kept cardholder data on file after transactions were processed, which is in violation of its agreement with Visa.

Judy Tenzer, a spokeswoman for New York-based Amex, wouldn't comment on the direct cause of that firm's termination of the contract with CardSystems. A spokesman for CardSystems didn't respond to numerous requests for comment.

A MasterCard spokeswoman said that the company first became aware of the CardSystems breach in May and promptly launched an investigation.

In a statement last week, MasterCard said it will continue to work with CardSystems, at least in the short term, because the company has worked to improve its security and procedures since the spring.

"However, if CardSystems cannot demonstrate that they are in compliance by [Aug. 31], their ability to provide services to MasterCard members will be at risk," the statement said. Merchants will be able to choose another processing company to provide the services once CardSystems' agreements with Visa and Amex have ended, Tenzer said.

Copyright © 2005 IDG Communications, Inc.

Shop Tech Products at Amazon