GLOBAL PAYMENTS:DATA BREACHCRISIS ANALYSISYING ZHANG
GLOBAL PAYMENT: ABOUT THE COMPANY.• A Fortune 1000 corporation• Provide electronic transaction processing services for • Merchants, • Financial institutions • Government agencies • Independent Sales Organizations (ISOs) • Multi-national corporations.• Business throughout the United States, Canada, United Kingdom, Europe, Spain, Russian and the Asia-Pacific region.
GLOBAL PAYMENTS: ABOUT THE COMPANY.• Business: Offer processing solutions for • Credit and debit cards • Business-to-business purchasing cards • Gift cards • Electronic check services • Internet services, etc.• Process approximately five billion transactions per year.• Global Payments is not a well-known corporation• Card-processing middleman between merchants and banks• Global Payment handles $120.6 billion of transactions rung up on Visa and MasterCard
THE CRISIS: CREDIT CARD DATA BREACH.• March 30, 2012. The crisis broke out from blog: Krebs on Security.• Soon afterwards, the events drew attention of multiple newspapers, BBC News, and The Wall Street Journal, etc.• Information of more than 1.5 million credit cards, including MasterCard, Visa, and American Express, might have been theft by hackers.• The information may include card number, expiration date, and security code, The Company’s share price dropped dramatically.• Global Payments’ fiscal first-quarter earnings fell 27% because of the continued remediation charges related to the security breach.
TWO STAGES OF RESPONSES OF GLOBAL PAYMENTEarly stage:• Right after the breaking out of the crisis, Global Payments did a good job to convince people that the situation is “ absolutely contained”• The immediate response of the CEO• Convince people that the breach situation was not as bad as people imagined• Immediately promised to set up a website to help consumers who might be affected by the breach• Commitment that the Global Payments will “continue to work with regulars, industry third parties and law enforcement to help in the effort to minimize the potential impact on credit cardholders.
TWO STAGES OF RESPONSES OF GLOBAL PAYMENTThree months later:• The result of this event was not clear about what type and quantity of consumers’ personal information has been stolen.• It also failed to identify the customers that had been affected.• The result of Global Payment’s investigation was too vague to answer any substantial.• This awkward situation made Global Payments’ promise become empty talk, which disappointed both media and customers.
RESPONSES OF STAKEHOLDERSBanks:• Stepped up monitoring and would alert consumers to any suspicious activity, issuing new cards as warranted.• Encourage customers to monitor their accounts and contact them if they do not recognize a transaction on their accountVisa and MasterCard:• Declared that their own systems are safe• Took actions to notify their customers to be cautious.• Visa also dropped Global Payments from its list of approved service providers
VARIOUS OTHER STAKEHOLDERS• The experts: worried about the over security of card industry.• The privacy protectors: concerning the “Debit cards, which have fewer protections than credit cards, should be very closely watched.”• The attorney: concerning the state law may affect the zero- liability policy.
THE TWO DIFFERENT ATTITUDES OF MEDIA RESPONSES• Early stage, neutral attitude of media• Three months later, generally unhappy about Global Payment’s investigation results, because the results cannot provide any accurately answer to any question that they concerned • How exactly does the intrusion of data occur? • When did the data intrusion occur? • How many accounts were affected? • What type of data was accessed? • What will Globals remediation efforts include?
THE RESPONSES OF CUSTOMERS• People have strong willing to be informed after the breach. They were expecting that the company could provide more accurate information regarding the• People also think the company does not make enough effort to protect customers’ information.
RECOMMENDATIONS• First of all, Global Payment should justify its management strategies to spend more money on information security.• Secondly, in the response process, Global Payments should provide accurate report about this crisis, and avoid unclear terms.• Thirdly, understand that the responses of a crisis are long-term tasks.