Global Payments calls data breach 'contained'

Global Payments, a third-party payments processor at the center of a Visa and MasterCard security breach, reiterated Monday morning that while customer data may be at risk, the data breach has been "contained to the best of our ability."

Overall, 1.5 million accounts may have been affected.

Global Payments CEO Paul Garcia said that the "diligent work" may take some time, but it will complete the ongoing investigation and identify any changes that need to be implemented.

Garcia said the company will get its record of compliance back with Visa and MasterCard "as soon as possible." Executives were upbeat about Global Payments' ability to regain its record of compliance with credit card associations.

The company also said it wasn't aware of any fraudulent transactions taking place.

Separately, Global Payments reported third quarter earnings of $57.9 million, or 73 cents a share, on revenue of $533.5 million, up 17 percent from a year ago. Non-GAAP earnings in the third quarter were 83 cents a share. Wall Street was looking for earnings of 84 cents a share.

Global Payments projected 2012 revenue to be $2.15 billion to $2.2 billion. The company expects non-GAAP earnings of $3.50 a share to $3.58 a share. GAAP earnings were $3.10 a share to $3.18 a share.

Charges related to the breach weren't disclosed because the investigation is ongoing.

Approximately three weeks ago, the breach was discovered. Within hours, law enforcement had been contacted. Garcia described how the company "jumped on this instantly" and said that only a "handful of servers" were affected.

Here's what happened and when:

On Friday, it was first reported that Global Payments suffered a security breach, where as many 50,000 cardholders may have had their information exposed.

Global Payments processes card payments between merchants and banks, sitting in the "middle-ground" directing where payment data should go.

Brian Krebs, who first reported the breach, initially warned that 10 million cards may be compromised. On Sunday, Global Payments revised down Krebs' figure as it confirmed as many as 1.5 million Visa and MasterCard accounts may have been compromised by the security breach.

While card numbers may have been downloaded from its systems, no other personal data -- such as names, addresses, or Social Security numbers -- were accessed.

Both Visa and MasterCard confirmed there was no breach to its own systems.

Visa and MasterCard both sent out non-public alerts to banks to warn of the breach, which was thought to have occurred between January 21 and February 25, as Global Payments informed law enforcement and brought in an independent data security organization to inspect any damage.

Visa, as a result of the breach, removed Global Payments from its list of approved service providers, but invited it to reapply once it submits evidence to show its security is "in compliance with Visa's standards."

MasterCard said it had not followed Visa's move, but was awaiting the result of an independent forensic investigation before it made any decision.

The Associated Press reported that a technical problem affected the Visa network for 45 minutes on Sunday evening, which resulted in users unable to use their credit and debit cards. Visa confirmed this was not as a result of the recent security breach.

While the reputation of Visa and MasterCard stands in jeopardy, Global Payments lies in ruins. But Jefferies analyst Jason Kupferberg said that the processor can weather the storm.

The processor has $300 million to $400 million in unrestricted cash, which could pay for the damage left by the breach, compared to figures by the 2009 Heartland data breach, in which 130 million accounts ran compromised. Analysts weighed in almost immediately after the breach with their opinions.

This story originally posted as "Global Payments: Data breach is contained" on ZDNet.