Visa, Amex, Mastercard Cuts Ties With Card Processors

[Lee]

Jul 21 2005 : From October 2005, Visa USA and American Express are to terminate ties with CardSystems, the card processing firm which potentially exposed 40 million credit card accounts to hackers. In what is the biggest-yet card security compromise, CardSystems advised during June 2005 that over 40 million credit cards were at risk of fraud after hackers exploited a hole on its systems. From Visa’s perspective, CardSystems had failed to adequately protect cardholder data on its network, and had violated Visa’s rules by retaining some data after transactions were processed.

MasterCard has given CardSystems until August 31 to meet its security requirements, in view of the processor’s efforts at improving its defenses since the breach was found. Discover Financial Services meanwhile is reviewing the situation and will take a decision once its security audit concludes. Both Visa and American Express have advised that banks and retailers affected by the shift will be given assistance to move to other card processors by end-October, but MasterCard has said that if possible, it would prefer to avoid disrupting its merchant customers.

CardSystems has warned that if Visa does stop using its services, the card processor will go out of business, according to a report in the New York Times. The processor expects to comply with Visa’s and MasterCard’s security standards by end-August, but Visa has suggested that its efforts to mediate with CardSystems were not reciprocated. CardSystems, which processes over USD 15 billion in payments a year, expressed surprise at Visa’s decision to cut its ties, with hope that this decision would be reconsidered, but Visa claims that the damage has already been done.

http://www.epaynews.com/index.cgi?su...2215212&block=

Interesting stuff, I wonder if this is actually going to happen or whether CardSystems can get them to change their minds?

Id figure if Visa does say 'goodbye' that could very well be another lawsuit against them.

Regards,

Lee

[jIgG]

From what I've read Visa seem to have made their mind up they'll be dropping CardSystems. Yahoo! i think had an article and sounded like Visa said they didn't care what CardSystems wanted to do the damage had already been done.

But who knows

[Squirt]

I guess the big question is how many of our billing company uses CardSystems on their back end?

Any way to find out?

[tombarr]

personally I could not be happier that Card Service is getting what they dished out to merchants over the years.

our relationship with them spanned 4 years or so and we were so glad to finally get to a point to cancel our account with them and it now appears it was a good thing. ..

Card Services was also a victim of the shakeout with First Data as well and had to get a new processor before Ibill went through their whole fiasco.

I don't wish ill on anyone, but Card Services were always very uncaring, snotty, and very rigid and we think that what comes around..goes around.

[gaybucks_chip]

Are Cardservice International and Card Systems affiliated or co-owned? I know that Card Systems is a backend platform similar to First Data, but I haven't seen anything that says whether they're associated with Cardservice or whether they are entirely separate... it would be useful to know, since Cardservice is huge and services a gigantic % of business, the majority of which is outside the adult industry.

[Corey Bryant]

Cardservice and Cardsystems are two totally different processors - they do not have anything to do with one another.

As far as Cardsystems - they did not keep up with the CISP compliance issues or anything and it became apparent. They were unable to become compliant and this was why Visa dropped them.

[Squirt]

Cardservice and Cardsystems are two totally different processors - they do not have anything to do with one another.

As far as Cardsystems - they did not keep up with the CISP compliance issues or anything and it became apparent. They were unable to become compliant and this was why Visa dropped them.

Actually if you follow the history of the Cardsystems problem they were 100% compliant will all regs and were just audited in 2003 by Visa/Mastercard and found to be 100% in compliance. They hadn't changed their system at all since that time. What happened was a virus was planted in the system and programmed to download the data files every four days. After CardSystems found out and decifered what exactly happened they notified MC/Visa

You can read the testimony of the committee here

I think there's an alterier motive they would be dropped like a hot potato and I think it has something to do with the adult market.

[LiveTwinksCam]

Good for Visa and American Express! It shows that they care about their customers and Card Systems lacks in that care to have their system hacked and 40million of people's credit information exposed. Careless and they should be put out of business. It appears Card Systems could use some good ole competition anyway.

I am glad I don't use Mastercard.

[Corey Bryant]

I had not read that Squirt - just going by what I had heard over the news actually. But right now, with all these "great" CEOs of companies (like Enron, MCI, etc) - it is very difficult to believe some of these people. It sounds like he is trying to blame someone else - when, he is in charge of the company and he did not have all the proper safeguards set up properly.

Getting CISP compliant is not easy and as you can see, it is not 100% full-proof.

And one has to wonder why it took a extra two days to notify Merrick? That should have been the first phone call - afterall, if the money cannot be collected from the merchant, it is paid by the processor. And if the money is not paid by the processor, it comes from the acquiring bank.

And this is the kicker:

As we have repeatedly acknowledged, our error was that the data was kept in readable form in violation of Visa and MasterCard security standards.

I have no idea how they could even get CISP compiant with this type of data being stored this way. You are only asking for trouble