Visa Terminates CardSystems, Move Could Kill Processor

In a move that apparently took troubled processor CardSystems Solutions Inc. by surprise and is likely to cripple the company, Visa U.S.A. has terminated CardSystems as a processor and agent on its network, effective Oct. 31. In a statement issued yesterday, Visa says it is taking the action because the Atlanta-based company, which last month admitted its own violations of card network security policies had allowed a hacker to gain access to data on 40 million accounts (Digital Transactions News, June 20), “has not corrected, and cannot at this point correct, the failure to provide proper data security for Visa accounts.” While MasterCard International, American Express Co., and other card companies have not indicated whether they will follow suit, Visa's action could effectively shut down CardSystems, observers say, given the sheer volume of transactions Visa accounts for. Independent sales organizations and other sales agents will switch merchants to new processors for all brands, not just Visa, experts point out. “CardSystems is dead,” says Paul Martaus, a payments consultant in Mountain Home, Ark. “I have to suspect the company will liquidate soon.” CardSystems, a registered agent for Merrick Bank, South Jordan, Utah, processes for more than 100,000 small and medium-size merchants. It did not return a call from Digital Transactions News seeking comment. As it deliberated what to do in the wake of the massive compromise at CardSystems, in which data on some 200,000 accounts were apparently stolen, Visa may have been left with little choice, Martaus says. “The association for the good of the industry has to protect the brand,” he says. “It goes beyond [public relations]. If consumers say, 'I'm not going to put that plastic in my wallet, [Visa has] an issue.” Even so, the bank card network's action apparently surprised CardSystems, which has been working with an outside auditor to bring its data-security policies into compliance with security standards, including the Payment Card Industry data security standard, set by Visa and the other card companies. Only a month ago, Visa said it was working on the problem with CardSystems. “We are disappointed and very surprised that Visa has decided to take this action,” the company said in a statement it released yesterday. “We hope Visa will reconsider.” In its statement yesterday, Visa said the processor has made efforts to fix its problems, but it “cannot overlook the significant harm the data compromise and CardSystems' failure to maintain the required security protections has had on Visa member financial institutions and merchants as well as the significant concerns it has raised for cardholders.” It says it set a deadline of Oct. 31 “to allow adequate time for the CardSystems customers to be transitioned to a different processor.”