I hope Global Payments doesn't strain itself patting its own back for containing a massive breach that occurred on its watch.
The company, which processes credit, debit, and gift card transactions between merchants, banks, and consumers, let a staggering 1.5 million credit card numbers get out in the open as a result of a still-to-be determined attack on its system. Yet it has barely shown any signs of contrition.
Most companies would have shown a bit of remorse for what has happened, but Global Payments has struck an almost self-congratulatory tone for how it identified the problem, alerted authorities, and contained the breach.
"It is reassuring that our security processes detected an intrusion," Global Payments CEO Paul Garcia said in its initial statement on Friday.
"We're very pleased to inform you we've made significant progress in identifying and rectifying events," Garcia said during a conference call today. "Fewer than 1.5 million card numbers have been stolen, and it's confined to North America."
Uh...congratulations? Perhaps for a large payments processor like Global Payments, that figure isn't a big deal, and a company of its nature isn't really used to dealing with consumers. But imagine if a well-known brand such as Apple or Research In Motion lost the personal data for 1.5 million of its customers? People would be up in arms. Politicians would be making calls for better protection of data.
You can bet those companies would at least try to acknowledge there were problems before moving on with the solutions, most likely with some high-profile press conference.
Global Payments held a conference call to discuss the issue, and then followed it up by discussing its rosy third-quarter earnings results -- just in case things started to sound too downbeat.
To be sure, I'm no public relations or damage control expert. And Global Payments may be following a well-worn corporate playbook in skipping around direct acknowledgement of the problem.
But its comments just make the company look disingenuous. It wasn't until several minutes into the call that Garcia even referred to the incident as a breach. Roughly halfway through the call, he finally mentioned taking responsibility for the problem. And even then it was after a bit of self-praise for identifying the problem.
"We self-reported it, we determined it ourselves, that's great you did that," Garcia said. "How did they get in in the first place? We recognize that and take full responsibility."
Global Payments was frustratingly frugal with the details. Although in that respect, I can understand its reluctance to say much because of the ongoing investigation. The company, however, will eventually need to disclose to its customers just what went wrong.
For the most part, Garcia attempted to smooth over the controversy by bringing back some normalcy into the operations.
"Business as usual sounds a little trite," he said, although he stressed the "business as usual" part more than once.
But it's not exactly usual, is it? Visa has taken Global Payments off its list of companies compliant with standard payment security guidelines. Visa and MasterCard have already issued warning notices to customers. The company will likely record a financial charge related to the breach. Regardless of its insistence that things are normal, the company has a huge black eye for letting such a big chunk of personal data get out.
The company, which acts as a middleman between merchants and banks, may not deal directly with the consumer. Perhaps the company has shown some contrition to the business customers it has to deal with on a regular basis. That doesn't mean it should ignore the consumer as it has.
So Global Payments, are you going to step up or what? According to your own estimate, 1.5 million consumers deserve an apology.