CardSystems settles with FTC, but some ISOs still in limbo
hird-party payment processor CardSystems Solutions Inc., now part of biometrics company Pay By Touch, reached an agreement with the Federal Trade Commission (FTC) concerning a card data security breach reported in May 2005. The company is now looking ahead; however, for the ISOs and agents that sold for the processor, the future may not be so bright, as large merchant portfolios are at risk of being lost.
Pay By Touch acquired CardSystems soon after a much publicized security breach that compromised up to 40 million card accounts. The acquisition closed in December 2005, and Pay By Touch assumed all responsibility for the company.
Following the breach, the FTC charged CardSystems with failure to take appropriate security measures to protect consumer data, a violation of federal law. As part of its settlement with the FTC, Pay By Touch will implement a comprehensive information security program and obtain audits by an independent third-party security professional every other year for 20 years.
Pay By Touch now processes transactions for many of the same merchants that CardSystems served. "Pay By Touch will continue to apply 'best practices' security standards to the purchased assets, consistent with the FTC Consent Order" ... and does not expect the Order to adversely affect future company operations in any way, said a Pay By Touch spokeswoman. (The Consent Order is for settlement purposes only, and is not an admission of guilt or law violation on the company's part.)
Some of CardSystems' former ISOs and sales agents are not faring as well, according to bankcard industry attorney Adam Atlas. "Some of the ISOs and agents have moved over to Pay By Touch and some have not.
Some portfolios are at risk," he said. "A few people are worried about their portfolios and have been in a state of uncertainty for months. Anybody who gets out of this and still has a portfolio and a residual check should consider themselves lucky."
|