-
Core banking provider aims to improve security for its software.
March 7 -
FIS, which notched solid, if unexciting, earnings in the fourth quarter, says it plans to grow by cross-selling to large banks worldwide.
February 14
A security breach that struck Fidelity National Information Services (FIS) a year ago still has ripple effects on the core platform provider, which reported its first-quarter earnings Thursday.
FIS is reacting to an onslaught of attention surrounding a supervisory letter the Federal Deposit Insurance Corp. reportedly sent it about a security breach from the first quarter of last year. The breach affected FIS' Sunrise payments platform.
The National Credit Union Administration redistributed the letter in March to more than 5,000 of FIS' credit union customers, according to media reports. The letter became a small spectacle in the earnings call.
"Upon completion of an interim review in late 2011, the regulators issued a confidential examination report to … FIS related to information security and risk management," Gary Norcross, president and chief operating officer of FIS said during a conference call with investors.
Norcross took issue with the allegation that FIS did not react swiftly or completely to the breach.
"At the end of the day, we were very transparent and disclosed the security breach on the Sunrise platform," Norcross told American Banker in an interview.
The Sunrise system was a fully PCI compliant, Norcross says.
"We hired two remediation firms to come in and help us not only to remediate the threat but also look across our enterprise, and we had the [platform] completely recertified under PCI in July of 2011," he says. "We feel we were very responsive in addressing the Sunrise incident."
The FDIC would neither confirm nor deny that it sent a supervisory letter to FIS.
"We don't comment on open and operating banks, and any supervisory letters are between the FDIC and the open or operating bank; they are not available to the public, they are part of the examination process," says Greg Hernandez, a spokesman for FDIC.
NCUA was similarly neutral about whether it redistributed the letter, but implied it might do so as a matter of practice.
"It is a longstanding interagency practice to share reports with clients of record. These are business-to-business situations, and the release of the information is only to clients, subject to non-disclosure provisions, and with the beneficial intent of enhancing the risk management efforts and due diligence of the financial institutions, including credit unions," NCUA spokesman John Zimmerman wrote in an email.
In recent months, FIS made security a top priority. In early March it
Last week, FIS also hired Greg Montana as its chief risk officer. Montana was previously senior vice president and senior operational risk executive for Bank of America (BAC) and senior director, global risk operations at eBay's (EBAY) PayPal unit, as well as director of operational, credit and compliance risk for Lloyds Banking Group (LYG).
In recent days, FIS also announced the acquisition of ICS Risk Advisors and Memento, two companies that specialize in the risk, fraud and the compliance market.
FIS paid $40 million for the companies, according to Avondale Partners.
"The steps the FDIC and NCUA took to forward some of these concerns to most, if not all, domestic financial institutions were unusual and suggested something relatively more material as regards to the deficiencies" that caused the action, says Peter J. Heckmann, a senior research analyst for Avondale.
Other analysts agreed there was more lurking under the surface.
"It was not so much the initial breach that was the concern, but the response to the breach to make sure something like this does not happen again," says Julie Conroy McNelley, a research director and security expert for Aite Group.
Security breaches are often a time for companies to retrench and reposition themselves, McNelley says.
Heartland Payment Systems (HPY), for example, decided to position itself as a leader in security after a breach exposed millions of credit card accounts to hackers in 2009.s
FIS reported revenue from continuing operations increased more than 4%, to $1.45 billion, in the first quarter from a year earlier as it saw improvements in its financial solutions, electronic transactions and international solutions businesses. Financial solutions revenue increased 7%, to $538.9 million, due to growth in business from processing, professional services and global commercial services.
Increases in electronic transactions led to revenue for payment solutions rising more than 2%, to $630.6 million, year over year. International solutions revenue totaled $276.8 million, up roughly 3% from a year earlier
FIS reported profit of $95.8 million in the first quarter, down about 1% from a year earlier.
"Banks overall are starting to focus on growth, now that balance sheets are strong. And, with the larger banks, FIS is seeing more efforts to outsource," John Kraft, an analyst for D.A. Davidson & Co, wrote in an email.
