ATLANTA (AP) — Visa Inc. has dropped the card processor involved in a massive data breach from its registry of providers that meet data security standards.
Global Payments CEO Paul Garcia noted that the company continues to process Visa transactions, but that being dropped from the registry "could give our partners some pause that they're doing business with someone who experienced a breach."
Garcia said he expects to Global Payments to be reinstated once it has been issued a new report of compliance. But he declined to specify when that might be. He said the situation is "absolutely contained" but that the investigation is continuing and that parts of it still need to be resolved.
Global Payments says the data breach may affect less than 1.5 million credit cards from various issuers in North America. The company said that credit card data may have been stolen, but that cardholder names, addresses and Social Security numbers were not obtained.
The company said it will set up a website later Monday to help consumers who might be affected by the breach.
Both Visa and MasterCard say their own systems weren't compromised.
Visa and MasterCard had said Friday that they notified their card holders of the potential for identity theft and illicit charges because of the breach.
Aside from the U.S., Global Payments provides its services to government agencies, businesses and others in Canada, Europe and the Asia-Pacific region.
The company said it continues to work with regulators, industry third parties and law enforcement to help in the effort to minimize the potential impact on credit cardholders.
Last June, hackers stole information for 360,000 credit card accounts at Citigroup. In the past year, there have been high-profile data attacks against the International Monetary Fund, National Public Radio, Google and Sony's PlayStation Network.
For the three months ended Feb. 29, the company reported net income of $57.9 million, or 73 cents per share. That's compared with $48.2 million, or 59 cents per share, in the year-ago period.
The company has not yet identified the size of the charge it will take as a result of the breach.