Visa and MasterCard, the word’s largest payment processors, warned that their cardholders’ account information may have been put at risk as a third-party processor of card transactions reported that its systems had been breached.
Both companies said they had alerted card issuers regarding accounts that may have been affected. Visa said card account information from “all major card brands” may have been affected.
Global Payments of Atlanta, Georgia, a provider of payment processing services for credit, debit and gift cards, said on Friday that it had determined in early March that card data may have been accessed, and contacted federal law enforcement. It said it identified “unauthorised access into a portion of its processing system” and continues to investigate.
Global Payments, Visa and MasterCard all declined to comment on how many cardholders were potentially at risk. Visa and MasterCard said their systems were not compromised.
The US Secret Service was investigating the breach, said George Ogilvie, a spokesman for the agency.
Global Payments also said it “promptly notified appropriate industry parties to allow them to minimise potential cardholder impact”.
Citigroup, Bank of America and JPMorgan Chase, the three largest consumer credit card lenders, declined to comment, but people familiar with investigations said lenders were working with payment processors and were preparing to field customer inquiries about suspicious charges on their cards. It was unclear if any fraudulent charges had been made.
American Express and Discover also said they were monitoring their accounts for suspicious activity.
Global Payments is the seventh largest processor of card payments for merchants, according to The Nilson Report. Last year, it processed more than $120bn of transactions using Visa and MasterCard debit and credit cards.
Global Payments’ shares fell 9.1 per cent to $47.50 before they were suspended from trading early Friday on the New York Stock Exchange.
“This situation speaks fundamentally to questions about how safe and secure our data is with those who have been entrusted with it,” said Denee Carrington, an analyst at Forrester Research.
Last year, Citigroup fell victim to a hacking attack that exposed data on hundreds of thousands of credit card holders and raised broader concerns about online protections. This prompted the US Department of Homeland Security to join with federal law enforcement authorities to advise financial institutions on how to protect themselves from online breaches.
Ms Carrington said she was troubled by the lack of information that card issuers and payment processors were providing on how the latest breach happened and how many cardholders were affected. She said the timeline of when the breach occurred and how quickly Global Payments detected it will be key for future consumer confidence in these systems.
Additional reporting by Kara Scannell in New York