Global Payments' Breach Overshadows Positive Quarter

In a call with analysts and investors, Global Payments GPN discussed third quarter results for its fiscal year 2012, just released on Monday morning, as well as addressed at length the security breach of an estimated 1.5 million credit card numbers. Notable rises in revenues and EPS in comparison to last year were overshadowed by bottom-line concerns, as well as one-time impacts, arising from the event. Analysts opted to focus on the financial and competitive fallout in terms of losses, added R&D and fines levied against the company from card issues with whom the company remained non-compliant. Company officials conceded that the breach would be responsible for increased ongoing expenses in security as well as research and developments. It also noted that it expected fines from Visa, which removed Global Payments from its PCI compliance list, and potentially from other card issuers who might do the same in the coming days. Company officials, however, refused to comment on such impact before these could be reasonably estimated, offering instead that the total impact would be "manageable." The company said it detected the unauthorized access three weeks ago. Probed by Oppenheimer on the timeline of the problem, said to have occurred sometime in late January, the company could not elaborate due to the ongoing investigation. It said, however, that the company acted "within hours" of discovery. The company clarified that the event involved a "handful of servers handling North American payments," and that it did not involve any partners or point of sale systems. Global Payments officials resisted to questioning by a Morgan Stanley analyst on what the malicious penetration said of the comparable security of GPN compared to other systems that must have also been attacked. "I do not think we can infer what you are inferring," the company's CEO, Paul Garcia, said. "Attacks happen on an ongoing basis, so we cannot comment on who got attacked or penetrated at this time." The company conceded that it was currently deemed non-compliant by major credit card issuer Visa V in light of the incident. "This is a catch-22 so to speak," the Mr. Garcia offered. "You start compliant, then something happens and you are no longer so." He said that the company was working around the clock to restore compliance with Visa as soon as humanly possible. It said the process would take longer than days, but probably less than months. Company officials stressed vehemently that this was self-discovered and self-reported, which should contribute to a return to compliance. In response to questioning by Goldman Sachs on the competitive fallout, the company said it was "heartened by competitor reaction to the event, and the assurances we have received" that there would not be any improper advantage on its market share by most of them. "There are rogue outliers out there," the company said, "but they are wrong!" Mr. Garcia said of voices that have suggested the company would lose a good chunk of its businesses as its partners would pause at the thought of continued business with such an adverse effect on the company's record. "You must keep in mind that our partner relationships are of a long-term nature, with lots of infrastructure involved," the CEO said, hinting that the company's business may be safe by virtue of the prohibitive cost of replacing payment processors. "Let's say our partners move on from us," he continues the thinking line, "what will happen when their next partners gets attacked?" The security breach diverted attention to what it had been an otherwise positive quarter. Global Payments said that its revenues had grown 17 percent to $533.5 million compared to the same quarter a year ago. Earnings per share were reported up 17 percent to $0.83 on a cash basis. On a GAAP basis, EPS was up 24 percent to $0.73 compared to the previous year. Analysts had expected $529.34 million in revenues and $0.84 cash EPS. GPN closed at $47.50 on Friday, recovering a bit after losing 8.7 percent within minutes of the breach announcement. Shares are likely to open closer when trade halt is removed, but might see slight upside to flat action based on investor sentiment to cost containment and further fallout as events develop.