Troubled CardSystems to be sold

September 23, 2005

By Robert McMillan, IDG News Service

A Mountain View, Calif., electronic payment company plans to buy CardSystems, the transaction processing company which had data on 40 million customers compromised when hackers broke into its servers recently. On Friday, CyberSource announced that it has signed a letter of intent to acquire the CardSystems assets, a transaction that could close by year's end.

The deal gives CyberSource an opportunity to expand into new areas beyond the e-commerce transaction services that have built the 175 person company, said Bruce Frymire, a company spokesman. "It brings a lot to CyberSource," he said. "It's a processing platform, which we have not had at this point. It also gives us retail point of sale processing."

CardSystems is used by 120,000 merchants to process more than $18 billion worth of transactions annually, Frymire said.

Online thieves were able to break into CardSystems' Tuscon, Ariz., operations center and steal credit card information from the company's servers. The intrusion, which was disclosed in June, was detected after fraudulent charges began appearing on some of the stolen accounts.

CardSystems' CEO John Perry has since admitted that the stolen records were improperly kept, and his company's business has taken a hit following the disclosure. Both American Express and Visa U.S.A. have said that they intend to sever their relationship with CardSystems by the end of October.

Whether or not the planned CyberSource acquisition will affect these defections may be a factor in the deal. "Certainly that would be a matter of serious interest to us," Frymire said of the impending departures.

CardSystems and CyberSource are working to ensure that merchants experience no disruption of service, he added.

CyberSource says the transaction is subject to further due diligence and may also be subject to regulatory approval. Frymire would not say how much CyberSource expected to pay for the privately held Atlanta company.

[an error occurred while processing this directive]