Visa, MasterCard Breach Raises Security Standard Questions

Brandy is a member of The Motley Fool Blog Network -- entries represent the personal opinion of the blogger and are not formally edited.

News broke last Friday that a security breach at a third-party processing center left an estimated one to three million Visa (NYSE: V) and MasterCard (NYSE: MA) accounts exposed. Atlanta-based processor Global Payments Inc. (NYSE: GPN) serves as an intermediary between merchants and financial institutions. According to The Wall Street Journal, GP handled $120.6 billion in transactions for Visa and MasterCard in the past year. Shares of GP fell 9% on Friday before trading was halted midday.

The data exposed included names and card numbers, but exposure doesn’t automatically indicate fraudulent use. A Citibank breach last June exposed 360,000 accounts, but only 3,400 accounts resulted in fraudulent losses that cost Citi, not consumers, $2.7 million. Visa and MasterCard have both issued statements that the companies will

This breach is actually relatively small compared to recent security incidents for other companies. Heartland Payment Systems (NYSE: HPY) was the victim of what was called the worst breach in history. Heartland announced in January 2009 that 130 million credit and debit cards had been exposed. The breach cost Heartland at least $140 million in fraud redemption, fines, and legal fees.

Heartland’s breach focused scrutiny on the security standard that applies to any company handling customer information for most debit and credit cards. The Payment Card Industry Data Security Standard (PCI DSS) is meant to set forth a foundation for a company’s protection policies. While companies are required to pass a PCI DSS audit in order to team up with the major card companies, there’s an implicit industry expectation that the company will go beyond the minimum requirements.

At the time of its breach, Heartland claimed it was following PCI DSS standards. The cause of its breach – a simple SQL injection attack – raised doubts about how compliant Heartland had remained after its audit. The company went on to design a proprietary end-to-end encryption method that required merchants to utilize special point-of-sale devices, sold near cost by Heartland, as the first point of protection.

Global Payments is due for a rough spot on the market, but it should recover. The graph below shows Heartland’s share prices from January 1, 2009 until December 31, 2009. Shares fell from $14.11 to $8.18 on February 22 (the two-day grace period due to Heartland announcing the breach on the day of President Obama’s inauguration) but climbed back over the $14 mark in mid-September.

 

 

The cause of Global Payments’ breach hasn’t been confirmed, but speculation has hinted the weakness was due to improper employee security that may have led to malware making it from an employee’s email into the main database. Though the breach was relatively minor, it will still require an act of contrition on the part of Global Payments, at the very least. Merchants and consumers need reassurance that data will have better protection in the future.

Motley Fool newsletter services recommend Visa. The Motley Fool owns shares of MasterCard. LynBetz has no positions in the stocks mentioned above.
