Global Payments has confirmed that "some card brands" have removed it from their lists of PCI compliant processors over a data breach affecting up to 1.5 million people.
Following press speculation, the US processor confirmed in March that earlier that month it had discovered a breach affecting North American card holders. The firm says 'Track 2' data - including account numbers - was compromised but not names, addresses and social security numbers.
Visa quickly removed Global Payments from its list of approved service providers, telling it to revalidate as PCI DSS compliant. In an update, the firm has confirmed that other card associations have taken the same steps.
"They have requested we revalidate our PCI status, which we will do following the current investigation. We anticipate that we will be re-instated to those lists at the conclusion of the re-validation and any required remediation," says a statement.
However, the move does not stop Global Payments from processing transactions for the brands.
Meanwhile, Visa and MasterCard alerts to card-issuing banks reveal that the breach, although only discovered in March, dates back to at least last June, according to KrebsonSecurity, which initially broke the story.