Visa USA Inc. is cutting ties with the payment-processing company that left 40 million credit and debit card accounts vulnerable to hackers in one of the biggest breaches of consumer data security.

Share story

BOSTON — Visa USA Inc. is cutting ties with the payment-processing company that left 40 million credit and debit card accounts vulnerable to hackers in one of the biggest breaches of consumer data security.

CardSystems Solutions Inc. “has not corrected, and cannot at this point correct, the failure to provide proper data security for Visa accounts,” Rosetta Jones, a Visa vice president, said in a statement.

She said banks that issue Visa cards would have until Oct. 31 to cease having CardSystems process payments.

Representatives for Atlanta-based CardSystems did not immediately return a call seeking comment.

Visa’s statement said that while CardSystems has taken some remediating actions since the breach was disclosed, those could not overcome the fact that CardSystems had inappropriately held on to data — purportedly for “research purposes” — in violation of Visa’s security rules.

While information relating to 40 million accounts were laid bare in the CardSystems computer break-in, credit card companies have said a much smaller amount, at least 200,000, were known to be stolen, primarily MasterCard and Visa cards.

Spokeswomen for MasterCard International Inc., American Express Co. and Discover Financial Services Inc. did not immediately say whether they would take similar steps to ban CardSystems.

CardSystems has been in business for more than 15 years and handles transactions for more than 105,000 small to mid-sized businesses, according to the company. It says it processes transactions worth more than $15 billion annually.