MasterCard and Visa have notified US banks of a potential security breach, the latest in a string of incidents that have put the personal information of millions of credit card holders at risk.
The companies, which are the two largest global credit card processors, said the issue stemmed from a third-party vendor and not their own internal systems.
Following news of the breach, the shares of Atlanta-based Global Payments were halted after dropping more than 9.1%.
Several other processing companies denied responsibility for the breach.
MasterCard said it notified law enforcement officials and has hired an independent data-security organisation to review the breach.
A US Secret Service spokesman said the agency was investigating.
"MasterCard is concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information," the company said.
"If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution."
Visa emphasised that customers are not responsible for fraudulent purchases.
The companies' statements came after the blog Krebs on Security reported that MasterCard and Visa have been alerting banks across the US about a "massive" breach that may affect more than 10million cardholders.
The Visa-Mastercard breach is the first major instance this year of consumer information put at risk by technological flaws.
Just R20 for the first month. Support independent journalism by subscribing to our digital news package.