Information Security

General Information

Global Payments previously announced that the company had identified and self-reported unauthorized access into its processing system and potential unauthorized access to servers containing personal information collected from a subset of merchant applicants.

Since our announcement, Global Payments has essentially completed our remediation work. Also, the documentation required to revalidate our PCI compliance is in the process of being provided to our Qualified Security Assessor (QSA) for verification. This verification will allow the payment card networks to evaluate the results and return Global Payments to the list of PCI compliant service providers once the results are accepted. This extensive evaluation is in place to protect the cardholder and ensure the integrity of the payment system. We continue to work closely with our QSA and the networks throughout the entire process.

This website was developed to address specific concerns you may have about Global Payments following the unauthorized access. Follow the tabs above to locate questions and answers for cardholders and merchants, as well as the latest company news regarding this incident.

Frequently Asked Questions

Is the information announced in June 2012 related to your original incident on March 30, 2012, and the cardholder data that was exported?
Our investigation revealed potential unauthorized access to servers containing personal information collected from a subset of merchant applicants. Notifications resulting from this discovery were unrelated to cardholder data but instead pertained to individuals associated with a subset of the company’s U.S. merchant applicants.

Was personal information taken, and have those potentially affected applicants been notified?
Despite our investigations, the evidence remains unclear whether the intruders looked at or took any personal information from the company’s systems; however, the company notified potentially affected individuals with helpful information and provided credit monitoring and identity protection insurance at no cost. The notifications were unrelated to cardholder data and pertained to individuals associated with a subset of the company’s U.S. merchant applicants.

The company originally reported that no personal information, like social security numbers, was exported. Has that changed?
The notifications in June 2012 were unrelated to cardholder data, but pertained to individuals associated with a subset of the company’s U.S. merchant applicants. We reported in March 2012 that fewer than 1,500,000 card numbers may have been exported from our North American systems, and our investigation confirmed that. Our investigation also supported our earlier findings that the cardholder information that may have been exported included only Track 2 data, not names, addresses or social security numbers.

What does “exported” mean?
Taken or stolen from our network.

Why have card brands removed you from their list of PCI Compliant Service Providers?
Based on our announcement of unauthorized activity in a limited segment of our North American processing system, some card brands removed us from their list of PCI compliant service providers. They requested that we revalidate our PCI status. We hired a Qualified Security Assessor (QSA) to conduct an independent review of the PCI compliance of our systems. We have essentially completed our remediation work and the required documentation is in the process of being provided to the QSA for verification. This verification will allow the payment card networks to evaluate the results and return Global Payments to the list of PCI compliant service providers once the results are accepted.

Can you continue to process transactions?
Yes. Global Payments continues to process transactions for all card brands with the same high level of service our customers have come to expect.

When will you return to the card brands' list of PCI Compliant Service Providers?
We hired a Qualified Security Assessor (QSA) to conduct an independent review of the PCI compliance of our systems. We have essentially completed our remediation work and the required documentation is in the process of being provided to the QSA for verification. This verification will allow the payment card networks to evaluate the results and return Global Payments to the list of PCI compliant service providers once the results are accepted.

 

As of January 9, 2013

© 2012 Global Payments Inc. All rights reserved.