Last month, Global Payments Inc. announced that an April 2012 data breach ended up costing the company a whopping $93.9 million in associated expenses, BankInfoSecurity reports. Those expenses included $60 million for an investigation into the hack and a series of system upgrades aimed at Payment Card Industry Data Security Standard (PCI-DSS) compliance, and more than $35 million in fraud losses and fines.
According to the news source, the details about the exact timing of the breach varies based on who you talk to.
“Shortly after news of the breach was made public, three separate card-issuing institutions provided BankInfoSecurity with copies of advisories first issued by Visa and MasterCard, confirming the breach occurred sometime between Jan. 21 and Feb. 25, 2012,” the article says. “But in April 2012, Visa issued an update that warned issuers the breach likely occurred in 2011 and could have affected transactions dating back to June 7, 2011.”
Furthermore, Global Payments Inc. initially estimated that the number of credit and debit card accounts compromised during the breach was about 1.5 million, however, the article says several news sources have suggested it could be closer to 7 million. The company later admitted its numbers would have to be expanded, but did not specify by how much.
Unfortunately, the damage is never limited to the processing company. Whether it is because consumers don’t fully grasp how the payment process works and who was actually responsible for a breach, or they question a retailer’s judgment in choosing business partners and vendors, merchants are hurt, too.
This makes it even more important for business owners to choose their payment processor software wisely. By using a system that can work with any processing provider, they have the ability to make changes that some customers might demand before continuing their patronage.