Global Payments Inc., which processes credit cards and debit cards for banks and merchants, has been hit by a security breach that has put some 50,000 cardholders at risk, according to people with knowledge of the situation.
The full extent of the breach couldn’t be determined, one of the people said. It wasn’t immediately clear if cardholders have been hit by fraudulent transactions.
Representatives of Global Payments, based in Atlanta, couldn’t be reached for comment.
Global Payments is a large so-called third-party processors of payment cards, including debit cards, credit cards, and gift cards.
The news comes as MasterCard Inc. and Visa Inc. have been alerting their card-issuing bank customers about the potential breach. It wasn’t immediately known if the banks are planning to reissue cards to their customers.
The breach was reported earlier Friday by the Krebs On Security blog.
MasterCard, of Purchase, N.Y., said law enforcement has been notified of the matter and an “independent data security organization” is conducting a forensic review of the matter.
“MasterCard’s own systems have not been compromised in any manner,” a company spokesman said in a statement. The company will “continue to both monitor this event and take steps to safeguard account information.”
The spokesman declined to say how many cards may have been compromised or how many banks it is notifying.
Representatives for Visa couldn’t immediately be reached for comment.
A notice Visa is sending to banks said it had been notified of a security breach within a third-party payment processor. The estimated window for the breach is Jan. 21 and Feb. 25, according to a copy of the notice reviewed by The Wall Street Journal.
MasterCard and Visa are pushing into a new business: using what they know about people’s credit-card purchases at brick-and-mortar stores for targeting them with ads online.
“The network intrusion may have put accounts at risk of being stolen,” Visa said in the notice, adding that a forensic company is working with the company in question and the U.S. Secret Service is also investigating the breach. “The investigation is still in the early stages and if additional accounts are determined to be at risk” additional alerts will be distributed.
A notice sent to clients recently by PSCU, a technology company that works with credit unions, said it received an alert from Visa on March 23 about a possible incident with a third-party processor. PSCU said the Visa alert identified 46,194 accounts that may have been at risk, though after eliminating duplicate accounts, cards with invalid expiration dates and cards not handled by PSCU, the number of compromised Visa cards was reduced to 26,094.
PSCU couldn’t immediately be reached for comment.
Visa and MasterCard don’t lend or issue cards to consumers; rather, they process transactions for banks that issue their cards and those that handle transactions for merchants.
Cardholders who are concerned about their accounts should contact the banks that issued them their cards, the company said.
—Matthias Rieker contributed to this article.
Write to Andrew R. Johnson at Andrew.R.Johnson