A security breach that struck Fidelity National Information Services, or FIS, a year ago still has ripple effects on the core platform provider, which reported its first-quarter earnings April 26 (see story).

FIS is reacting to an onslaught of attention surrounding a supervisory letter the Federal Deposit Insurance Corp. reportedly sent it about a security breach from the first quarter of last year. The breach affected FIS's Sunrise payments platform.

The National Credit Union Administration redistributed the letter in March to more than 5,000 of FIS's credit-union customers, according to media reports. The letter became a small spectacle in the earnings call.

"Upon completion of an interim review in late 2011, the regulators issued a confidential examination report to … FIS related to information security and risk management," Gary Norcross, FIS president and chief operating officer, said during a conference call with investors.

Norcross took issue with the allegation that FIS did not react swiftly or completely to the breach.

"At the end of the day, we were very transparent and disclosed the security breach on the Sunrise platform," Norcross said in an interview.

The Sunrise system was a fully PCI compliant, Norcross says.

The FDIC would neither confirm nor deny that it sent a supervisory letter to FIS.

FIS made security a top priority, announcing recently the acquisition of ICS Risk Advisors and Memento, two companies that specialize in the risk, fraud and the compliance market.

FIS paid $40 million for the companies, according to Avondale Partners.

"The steps the FDIC and NCUA took to forward some of these concerns to most, if not all, domestic financial institutions were unusual and suggested something relatively more material as regards to the deficiencies" that caused the action, says Peter J. Heckmann, a senior research analyst for Avondale.

Other analysts agreed there was more lurking under the surface.

"It was not so much the initial breach that was the concern, but the response to the breach to makes sure something like this does not happen again," says Julie Conroy McNelley, a research director and security expert for Aite Group.

Security breaches are often a time for companies to retrench and reposition themselves, McNelley says.

A longer version of this story is on AmericanBanker.com.

What do you think about this? Send us your feedback. Click Here.


Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry