SAVE   |   EMAIL   |   PRINT   |   RSS  
Visa gives CardSystems the ax
Citing payment processor's lax security, Visa tells banks to find another processor.
July 19, 2005: 2:55 PM EDT

NEW YORK (CNN/Money) Visa USA yesterday said that it would no longer let Visa credit card issuers handle their transactions at payment processor CardSystems, where hackers gained potential access to over 40 million credit card accounts.

Visa cited CardSystems' lax security procedures as the reason for the decision, according to a report Tuesday in the New York Times.

"CardSystems has not corrected, and cannot at this point correct, the failure to provide proper data security for those accounts. Visa USA has decided that CardSystems should not continue to participate as an agent in the Visa system," said Tim Murphy, Visa's senior vice president for operations, in a memo the Times reported was sent to several banks.

Visa said it made its decision after conducting a review and an independent investigation. And it has given at least 11 banks until the end of October to changes processors, the newspaper said.

Twenty-two million Visa card accounts were involved in the breach at CardSystems, as were 13.9 million Mastercard accounts.

Neither cardholders nor merchants will be affected by Visa's decision to remove CardSystems from the Visa system, the Times reported.

In response to Visa's decision, CardSystems issued a statement yesterday: "We are disappointed and very surprised that Visa has decided to take this action today, not only because of the impact that it will have on our employees, but the disruption it will cause to our 110,000 merchant customers. We hope that Visa will reconsider."

MasterCard, meanwhile, is not going as far as Visa, at least not yet.

In a statement issued Tuesday, MasterCard said it is giving CardSystems until Aug. 31 to "develop a detailed plan to bring its systems into compliance with MasterCard security requirements.... (A)s of today, we are not aware of any deficiencies in its systems that are incapable of being remediated. They have already ceased storing sensitive data in accordance with MasterCard rules."

If the payment processor fails to meet MasterCard's security requirement by the end of August, the credit card company said, "(CardSystems') ability to provide services to MasterCard members will be at risk."

For more on the breach at CardSystems, click here.  Top of page


Visa USA
Manage alerts | What is this?