Visa Security Alert to the risk of online chat solutions and non-voice channel services within call centers and merchant online environments, which are expected to increase along with artificial intelligence. There are known instances where threat actors compromised online chat service providers and were able to distribute malware to merchant clients designed to intercept payment card data during checkout.

Read the story here in the Visa library for merchants.

The Visa alert also points out the importance of verifying your technology partners are secure and compliant. This is especially interesting in the context of this article.

The Visa Global Registry of Service Providers is Visa’s designated source for information on registered and PCI DSS-validated agents that provide payment-related services to Visa clients and merchants. Service providers that store, process or transmit Visa payment data must be registered with Visa and demonstrate PCI DSS compliance. All of the links in this article can be found on the merchant rules and  PCI compliance links

Christine Speedy, CenPOS Global Sales, 954-942-0483 is a PCI Council QIR certified professional based out of South Florida, near Fort Lauderdale, and Rochester, NY.

[24] Issues Statement After Data Breach Affecting Delta & Sears

SAN JOSE, Calif., April 4, 2018 /PRNewswire/ — [24] discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified. The incident began on Sept. 26, and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers’ online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.

About [24]
[24] is redefining the way companies interact with consumers. Using artificial intelligence and machine learning to understand consumer intent, the company’s technology helps companies create a personalized, predictive and effortless customer experience across all channels. The world’s largest and most recognizable brands are using intent-driven engagement from [24] to assist several hundred million visitors annually, through more than 1.5 billion conversations, most of which are automated. The result is an order of magnitude improvement in digital adoption, customer satisfaction, and revenue growth. For more information, visit:

[24]7 and [24] are trademarks of [24], Inc. All other brands, products or service names are or may be trademarks or service marks of their respective owners.


Information related to the statement from other sources is below. The company systems were not compromised, but rather they were all using [24]’s customer service chat widget to interact with customer service personnel, which can result in end users inputting payment card and other personal data.

Delta said a small number of its customers saw their payment information stolen by hackers. The company was alerted to the data breach last week. Sears also said under 100,000 card numbers were taken.

Service Provider [24] Breached, Leaking Customer Data from Delta Airlines, Sears, Kmart, and Best Buy

Delta Data Breach 2018: Was Your Payment Info Exposed?

Final note. Need a secure payment solution for your chat widget? Call now.