Case Analysis: Global Payments Breach 
Table of Contents Executive Summary 3 Company Background 3 Security Breach 3 Cost of Security Breach 3 Closer Look at Control Issues 4 Steps to mitigate data breach 4 Conclusion 6 References 6
Executive Summary
A data breach at a credit card payments processing firm Global Payments potentially impacted 1.5 million credit and debit card numbers from major card brands Visa, MasterCard, Discover and American Express (money.cnn.com) in April 2012.
Company Background
Founded in 1967, Global Payments (NYSE:GPN) is one of the largest electronic transaction processing company based out of Atlanta, GA and operations in several European and APAC regions. The company provides business-to-business card payment and processing solutions for major card issuers such as Visa, Master Card, Amex and Discover. The company also performs terminal management and electronic check conversion.
Security Breach
Exactly a year ago, in March 2012 the company was hit by a massive security breach of its credit card payment processing servers impacting more than 1.5 million customers (nytimes.com). The company reported unauthorized access to its processing system resulting in data transfer of 1,500,000 card numbers. According to the company report, data stolen includes name, social security number and the business bank account designated for payment processing or deposit services. As a result of unauthorized access to the company’s servers millions of customer confidential records got exported.
Cost of Security Breach
While this data breach is not the largest of the cases, Global Payments data breach turned out to be a $93.9 million deal according to the company’s Jan 8th 2013 quarterly report (bankinfosecurity.com). This is mainly spent in enhancing security and ensure compliance with Payment Card Industry Data Security standard. The company hired a qualified security assessor (QSA) that conducted an independent review of the PCI-DSS compliance of Global Payments
Executive Summary
A data breach at a credit card payments processing firm Global Payments potentially impacted 1.5 million credit and debit card numbers from major card brands Visa, MasterCard, Discover and American Express (money.cnn.com) in April 2012.
Company Background
Founded in 1967, Global Payments (NYSE:GPN) is one of the largest electronic transaction processing company based out of Atlanta, GA and operations in several European and APAC regions. The company provides business-to-business card payment and processing solutions for major card issuers such as Visa, Master Card, Amex and Discover. The company also performs terminal management and electronic check conversion.
Security Breach
Exactly a year ago, in March 2012 the company was hit by a massive security breach of its credit card payment processing servers impacting more than 1.5 million customers (nytimes.com). The company reported unauthorized access to its processing system resulting in data transfer of 1,500,000 card numbers. According to the company report, data stolen includes name, social security number and the business bank account designated for payment processing or deposit services. As a result of unauthorized access to the company’s servers millions of customer confidential records got exported.
Cost of Security Breach
While this data breach is not the largest of the cases, Global Payments data breach turned out to be a $93.9 million deal according to the company’s Jan 8th 2013 quarterly report (bankinfosecurity.com). This is mainly spent in enhancing security and ensure compliance with Payment Card Industry Data Security standard. The company hired a qualified security assessor (QSA) that conducted an independent review of the PCI-DSS compliance of Global Payments
References: 1. Jessica Silver-Greenburg, Nelson D Schwartz (March 30 2012). “Master Card and Visa Investigate Data Breach” New York Times. Retrieved 2013-03-17. 2. Information Security Group (January 10 2013). “Global Payments Breach Tab: $94 million”. www.bankofsecurity.com. Retrieved 2013-03-17. 3. Julianne Pepitone (April 3 2012). “1.5 million Card numbers at risk from hack”. www.money.cnn.com. Retrieved 2013-03-17 4. Dave Shackleford (November 2007). “Regulations and Standards: Where Encryption Applies”. www.sans.org/reading/analyst_program/encryption_Nov07.pdf