Visa Europe Ltd -Breach of Personal Data
No member of the iSignthis group has any contractual relationship with Visa Australia (AP) Pty Ltd. The licensing agreement for Australia was between Visa Worldwide Pte Ltd, being Visa's Asia Pacific regional head office in Singapore, and iSignthis Ltd.
The manual data transfer was not at the request of the data controller iSignthis eMoney Ltd, and was likely in breach of Visa's General Data Protection Regulation (GDPR) obligations, the Non-Disclosure Agreements and Membership Deed confidentiality agreements between Visa and iSignthis group companies. No consent was given for the data transfer by any iSignthis group company.
iSIgnthis eMoney Ltd has notified and/or lodged a complaint with;
- the United Kingdom Information Commissioner's Office reference IC-48691-X9P8
- the Office of the Australian Information Commissioner reference DBN20/00827
- the Cypriot Office of the Commissioner for Personal Data Protection reference "Visa_iSignthis"
The Company is also aware from communications originating from Visa Europe that Visa Australia has shared data with Australian Government agencies, including the Australian Securities and Investment Commission (ASIC). iSignthis is not aware of any legitimate purpose under European regulations for the sharing of the data, nor why Visa Australia would have the data in the first instance.
iSignthis is further also aware from communications originating from the ASX, that ASIC has shared some data and documents with the ASX Ltd under s127 of the ASIC Act.
Affected persons are being advised individually, and that they may lodge a complaint regarding Visa's mishandling of their personal data by visiting the below hyperlinks and including the relevant reference from above:
The Company apologises to its merchants, business owners, customers and cardholders who may have been affected by Visa's data breach, and for any inconvenience this data breach may cause.
The Company is not aware if Visa Europe Ltd has reported the data breach under its General Data Protection Regulation obligations, which includes disclosure of the number of persons affected, the reason for the breach, and the impact to persons affected by the breach.
About iSignthis Ltd
iSignthis Ltd (ASX:ISX) (FRA:TA8) is a hybrid monetary financial institution and also a RegTech leader in remote identity verification, payment authentication with deposit taking, transactional banking and payment processing capability. iSignthis provides an end-to-end on-boarding service for merchants, with a unified payment, electronic money and identity service via our Paydentity(TM) and ISXPay(R) solutions.
By converging payments and identity, iSignthis delivers regulatory compliance to an enhanced customer due diligence standard, offering global reach to any of the world's 4.2Bn 'bank verified' card or account holders, that can be remotely on-boarded to meet the Customer Due Diligence requirements of AML regulated merchants in as little as 3 to 5 minutes. Paydentity(TM) has now onboarded and verified more than 1.5m persons to an AML KYC standard.
iSignthis Paydentity(TM) service is the trusted back office solution for regulated entities, allowing merchants to stay ahead of the regulatory curve, and focus on growing their core business. iSignthis' subsidiary, iSignthis eMoney Ltd, trades as ISXPay(R), and is an EEA authorised eMoney Monetary Financial Institution, offering card acquiring in the EEA, and Australia.
ISXPay(R) is a principal member of Mastercard Inc, Diners, Discover, (China) Union Pay International and JCB International, an American Express aggregator, and provides merchants with access to payments via alternative methods including SEPA, Poli Payments, Sofort, PRZ24 and others.
Probanx Solutions Ltd, a wholly owned subsidiary of iSignthis Ltd, provides API based access to CORE Banking solutions, SEPA Core, SEPA Instant and SEPA business scheme, for neobanks, banks, credit unions and emoney institutions, and provides a bridge to the Eurosystem's Central Bank of Lithuania's CENTROLink service.