Seeking Alpha
We cover over 5K calls/quarter
Profile| Send Message|
( followers)  

Global Payments (NYSE:GPN)

Q3 2012 Earnings Call

April 02, 2012 8:00 am ET

Executives

Jane M. Forbes - Vice President of Investor Relations

Paul R. Garcia - Chairman and Chief Executive Officer

David E. Mangum - Chief Financial officer and Senior Executive Vice President

Jeffrey S. Sloan - President

Analysts

James F. Kissane - Crédit Suisse AG, Research Division

Glenn Greene - Oppenheimer & Co. Inc., Research Division

David Togut - Evercore Partners Inc., Research Division

Julio C. Quinteros - Goldman Sachs Group Inc., Research Division

Bryan Keane - Deutsche Bank AG, Research Division

Jason Kupferberg - Jefferies & Company, Inc., Research Division

Glenn Fodor - Morgan Stanley, Research Division

David J. Koning - Robert W. Baird & Co. Incorporated, Research Division

Tien-Tsin T. Huang - JP Morgan Chase & Co, Research Division

Gregory Smith - Sterne Agee & Leach Inc., Research Division

Sanjay Sakhrani - Keefe, Bruyette, & Woods, Inc., Research Division

Daniel R. Perlin - RBC Capital Markets, LLC, Research Division

Christopher Brendler - Stifel, Nicolaus & Co., Inc., Research Division

Operator

Ladies and gentlemen, thank you for standing by, and welcome to the Global Payments Conference Call. [Operator Instructions] As a reminder, today's conference will be recorded. At this time, I would like to turn the conference over to your host, Senior Vice President of Strategic Planning and Investor Relations, Jane Elliott. Please go ahead.

Jane M. Forbes

Good morning, and welcome to Global Payments' conference call to discuss the unauthorized access into a portion of our processing systems. We are now also going to discuss fiscal 2012 third quarter earnings, and this call replaces the conference call previously scheduled for April 4. We will pause after our prepared remarks on the security incident and take your questions, resuming with our prepared remarks on earnings about halfway through the call. Our call today is scheduled for one hour. And joining me on the call are Paul Garcia, Chairman and CEO; Jeff Sloan, President; and David Mangum, Senior Executive Vice President and CFO.

Before we begin, I'd like to remind you that some of the comments made by management during the conference call contain forward-looking statements that are subject to risks and uncertainties that could cause actual results to vary, which are discussed in our public releases, including our most recent Form 10-K. We caution you not to put undue reliance on forward-looking statements. Forward-looking statements made during this call speak only as of the date of this call.

In addition, some of the comments made on this call may refer to certain measures such as cash earnings, which are not in accordance with GAAP. Management believes these results more clearly reflect comparative operating performance.

For a full reconciliation of cash earnings to GAAP results in accordance with Regulation G, please see our press release furnished as an exhibit to our Form 8-K this morning dated April 2, 2012, which may be located under the Investor Relations area on our website, www.globalpaymentsinc.com.

Now I'd like to introduce Paul Garcia. Paul?

Paul R. Garcia

Thanks, Jane, and good morning, everyone. In regard to the security incident, I am very pleased to inform you that we are making significant progress in defining and rectifying the event. The company believes that fewer than 1.5 million card numbers may have been stolen and that the theft is confined to our North American processing system. Importantly, the investigation to date has revealed that the theft involved Track 2 card data only. We do not believe that Track 1 card data was taken or that cardholder names, addresses, social security numbers or consumer banking information was obtained by the criminals.

In addition, based on the forensic analysis to date, network monitoring and additional security measures, we believe that this incident is contained. Visa has removed us from the PCI compliance list pending the results and resolution of our work. Upon reflection, this was not unexpected, and we are focused on the remediation measures necessary for full and timely PCI reinstatement. It goes without saying that we are providing uninterrupted service 24 hours per day to our customers around the world as we speak.

I cannot stress more vehemently that this does not involve our merchants, our sales partners or their relationships with their customers. Neither merchant systems nor point-of-sale devices were involved in any way. It is also important to emphasize that consumers are completely protected if any exposure were to arise. The card-issuing institutions have well-established and highly effective procedures to protect their customers. Consumers, as always, are encouraged to be vigilant by reviewing their statements and reporting any suspicious activity to the card-issuing institution. To that end, we have established a consumer website for inquiries, which will be operational later this morning. The website is www.2012infosecurityupdate.com.

Operator, we will now take questions regarding the security incident.

Question-and-Answer Session

Operator

[Operator Instructions] Your first question comes from Jim Kissane with Credit Suisse.

James F. Kissane - Crédit Suisse AG, Research Division

Paul, how quickly do you think you'll be back on Visa's approved processor list? And just a follow-up, I mean, you're calling it unauthorized access as opposed to a breach. What's the fine line between unauthorized access and a breach, if you can provide a little insight there?

Paul R. Garcia

Okay, Jim. In terms of when will we get our ROC back, our record of compliance, so I will tell you that prior to the event -- to the -- we can say, breach, and prior to the breach -- I think they're synonymous is really the answer to your second question. Prior to the breach, we were -- we received a report of compliance, and then after the breach, we were removed. I think it's a little bit like a Joseph Heller novel, Catch-22. I mean, you are compliant prior. If something happens, by definition, you’re no longer. And therefore, that's not totally unexpected. The important thing is we're open for business and processing transactions. Now how quickly can we get back? That is something we are absolutely focused on, and we're working around the clock, literally. And we're working collaboratively with all the associations to get that ROC back. And quite frankly, we have every expectation that will happen as expeditiously as possible. But this is somewhat nascent in that, remember, this was self-discovered, self-reported. No one came to us. No one said there's records of all kinds of incidents out there, with cardholders reporting incidents and banks having concern. None of that happened. We found this. We reported it. Within hours, we reported it. And this is -- the investigation is still continuing. So there's parts of this, Jim, that we still need to resolve and button up. Although it's absolutely contained -- to the best of our ability and opinion, it's absolutely contained. We know we have some work to do to get with the associations to get this ROC back. So long, windy answer to saying it's going to be as soon as possible. We're working very diligently, but I think it's going to take a little time, yes.

David E. Mangum

And Jim, this is David. Maybe a little bit more color in banding. We can't put a timeframe specifically on this. What we need to do is complete the investigation portion of this process, and then identify and perform any required remediations at that point, and we'll do just that. That's our plan.

James F. Kissane - Crédit Suisse AG, Research Division

Are you aware of any fraudulent transactions on the accounts where the data's been stolen?

Paul R. Garcia

No. No, Jim, we are not.

Operator

Your next question comes from Glenn Greene with Oppenheimer.

Glenn Greene - Oppenheimer & Co. Inc., Research Division

I guess I just wanted to get some clarity on the timeline of sort of when you discovered this, and it sounded like, from your press release from Friday, it was early March, and there were some indications that the breach actually kind of happened late January. It'd be helpful just to get some clarity around the timing of events.

Paul R. Garcia

Okay. So a couple things, Glenn. First of all, this is an ongoing federal investigation, right? We're -- they’re trying to get the bad guys here. So I can't be terribly specific, and I will tell you, there's a lot of rumor and innuendo out there, which is not helpful to anyone, and most of it, incredibly inaccurate. But I can tell you this. Approximately 3 weeks ago, we identified that cardholder data may have been taken. Literally, within hours of that discovery, we contacted federal law enforcement and the card associations. So we jumped on this instantly. Now in terms of other timelines, I just cannot be specific, truly, about that.

Glenn Greene - Oppenheimer & Co. Inc., Research Division

Okay. And then just in terms of the types of cards, was it a Visa, MasterCard, or was it beyond that, other branded cards as well?

Paul R. Garcia

I think it's the major brands and pretty much in proportion to how they're used by the consumer.

Operator

Your next question comes from David Togut with Evercore Partners.

David Togut - Evercore Partners Inc., Research Division

Can you give us a little bit more insight as to how much time you think it'll take to actually rectify the issue?

Paul R. Garcia

David, I wish I could. And we clearly realize that's something we need to do as quickly as possible, and you can be assured that we are working very collaboratively with the associations. And quite frankly, they have every desire to have us button this up as quickly as possible, too. So they're pulling on the same end of the rope as we are. So they have to make certain that every single thing that we say is fixed is fixed. They have to tick and tie that. That's not days. It's longer than that, regrettably. We don't think it's months, but we have work to do here. And I’ll promise you this. We will keep you guys informed in this.

David Togut - Evercore Partners Inc., Research Division

Great. And just as a quick follow-up, you’ve said that none of GPN's merchants and none of those merchants' customers were affected. Does that suggest that the breach occurred through an ISO? Or I mean, if it's not your merchants or customers, I mean, where did the breach actually occur?

Paul R. Garcia

David, I'm so glad you gave me a chance to answer that because I want to really hit this hard. This was not a merchant breach. This was not an ISO breach. It's literally nothing to do with those guys, literally nothing to do with them. This is something that happened in a subset of our North American processing system. A handful of servers in reflection -- a handful of servers as compared to significant numbers that we have, and after combing each of these -- we had security measures in place that caught it, and now we're going back with a fine-tooth comb with a number, number, I mean, multiple forensics experts, leaders in the field, to go through every single aspect, every single server, every single piece of data to make certain that we didn't miss anything. And that's what I'm talking about. It's evolving. But it was at our systems. It's nothing to do with the merchants, their relationship with their customers, our sales partners, financial institutions who do business with us, nothing to do with them. Nothing. Period; end of story. No more so than if they take U.S. currency, and there's a -- the currency devalues. Or they accept a card brand, and they have a systemic issue. It's nothing to do with them.

David Togut - Evercore Partners Inc., Research Division

Does this suggest you'll have to step up R&D or system spending as a result?

Paul R. Garcia

Well, if the answer is, are we going to spend even more amount of money, quite frankly, on security, the answer is yes.

Operator

Your next question comes from Julio Quinteros with Goldman Sachs.

Julio C. Quinteros - Goldman Sachs Group Inc., Research Division

Real quickly on the -- I guess I'm thinking more about the competitive response to this. So presumably, in the ISO channel world and in any other part of the world where you guys are actively competing, there's going to be a playbook out there that says you guys were breached. How do you keep your ISOs, especially the larger ones, from balking at this point? What guarantees do you guys have in contract terms that this isn't some type of a material adverse clause where they could actually start considering looking at other merchant processor relationship at this point?

Paul R. Garcia

Julio, let me answer that, and I think Jeff wants -- Jeff Sloan wants to mention something, as well. So firstly, I would say I'm incredibly heartened by the competitors who -- I'm talking about people that you recognize that compete with us, who have given me every assurance that they will make certain that they don't do anything that would inappropriately take advantage of this situation. And quite frankly, I will tell you we all did the same when other occurrences have happened, with other processors. I made those same assurances to those guys. We're all in this together. We're all in this together, all of us, the card issuers, the banks, the merchants, the acquirers, we're all in this together. And no one wants to try to capitalize that. I mean, there might be rogues, but let me tell you, they are the outliers, and they are wrong. Secondly, we've gotten similar responses from our customers. And they said, look, we know we're going to get through this. We have a long relationship with your company. We feel very good about everything you're doing. And we'd like some more product now and again. I mean, that's the kind of the business-as-usual kind of comment you get, which, quite frankly, are very heartening as well. Now it doesn't say that I can guarantee you there'll be no fallout here, but -- because this is a significant thing, we're working through. But so far, I will tell you we're very, very encouraged by the response. Jeffrey?

Jeffrey S. Sloan

I would just add onto what Paul said, Julio, by saying what he said a minute ago, which is there’s absolute nothing at our partner level, nothing at the ISO level, with our bank referral partners, with bars or any other similar distribution partner that was impacted here. So what that really means at the end of the day is there's no need to replace, for example, point-of-sale equipment or any way we operate with our partners. So in my experience, Julio, the thing that you tend to be most concerned about in terms of disruption to our or our partners' businesses is disturbances at the point-of-sale, disturbances from an operating point-of-view. And while what happened is what it is, as Paul described, at the end of the day, the endpoint relationships between our partners and their merchants and the merchants and their customers was not impacted by what Paul has described. And I think that's probably the best way to think about how our partners have thought about it to date. That's how I view it, but that's also been my experience in having conversations with them through the weekend.

Julio C. Quinteros - Goldman Sachs Group Inc., Research Division

Okay, that's helpful. And then just any incremental expense associated with this presumably are going to be in fiscal '13 since we only have one more quarter to go here in fiscal '12.

David E. Mangum

So Julio, this is David. When we can size it, we're in the early stages of investigation, we'll be back with what we have. We have to be able to size it, reasonably estimate it, any losses and expenses. Anything we're doing right now relative to the investigation, we're expensing as a period cost in Q4. We don't have an event to take a charge in Q3, so we'll be back to you on that. And then I think if we refer back to David Togut's question, any investment you'd see will take itself into FY '13. I think that's part of the point of your question.

Operator

Your next question comes from Bryan Keane with Deutsche Bank.

Bryan Keane - Deutsche Bank AG, Research Division

I guess my first question, have you guys experienced anything like this, or I'm sure on a smaller scale, in the company's history?

Paul R. Garcia

The answer is no. We have not. I mean, that's some of the misinformation, quite frankly. I mean, we -- there was a rumor out there that we were aware of a data intrusion a year ago. The answer is no. That's not -- this is the first incident and we hope this is the last. I think one of the answers, Bryan, is that this is an ongoing process. We get better and stronger every day. And I think that one of the reasons we're getting assurances from our customers is they know that we will be even better at the end of this process and that they will be with someone who is very strong and very tested. So that's why it's going to take a while to get the ROC because we have to demonstrate all of that. So no, there was no other incident. If there were, quite frankly, we would have reported it.

Bryan Keane - Deutsche Bank AG, Research Division

I assume the criminals probably tried to attack multiple networks, and somehow, they got through on GPN. Is there any -- do you know exactly what it was that was the weakness on your guys’ side?

Paul R. Garcia

So I will tell you this that this speaks to the ongoing nature of the investigation. I don’t think you can assume anything you just said, in the first part. I think that there's attacks that happen every day against lots of people, and I think we are -- we have contained it, so you can be sure that we have all the necessary measures to protect ourselves, and that starts with where you think the intrusion happened. But I can't really be more specific, and I certainly can't speak to anything that is happening to anyone else as we speak.

Bryan Keane - Deutsche Bank AG, Research Division

Okay. And then last one for David. I assume a lot of these costs, we will have a separate, broken out number kind of -- there'll probably be some onetime charges, I assume, from this and maybe some ongoing expense as well. I think that's what people are trying to get at, just your thoughts there.

David E. Mangum

Yes. I think that's right, Bryan. We will call these out and make sure they're clear to you. Again, just to sort of repeat what I said in answer to Julio's question, we can't, right now, reasonably estimate what the charges/losses might be related to the incident. When we get to the point where we can reasonably estimate, we'll obviously record and accrue and disclose. So you're on exactly the right track. When we get to that point, we'll be back to you guys.

Operator

Your next question comes from Jason Kupferberg with Jefferies.

Jason Kupferberg - Jefferies & Company, Inc., Research Division

I just wanted to clarify the situation with Visa a little bit further. I know your press release yesterday said that you are still actively processing for all the brands, but you obviously are trying to get the ROC back there. So what exactly is the situation? I mean are you still able to process for Visa, or do you have to wait to actually get the ROC back here?

Paul R. Garcia

So Jason, there's 2 questions there. Number one is are we processing transactions for Visa? The answer is absolutely, positively yes. Of course, we are. We have millions of merchants around the world who are processing Visa transactions as we speak. We'll continue to process Visa transactions as we speak. In terms of getting the ROC back, we are going to do that as expeditiously as humanly possible. And I think our merchants and our customers understand that this will make us even stronger. And if people were to leave and go to another processor, and God forbid something happened there, would they go to another processor? I mean, PCI gets better and better and better. This will make us all better. This will help PCI be better. This will help us be better. This will make everybody more secure. We're all in this together. And Visa, MasterCard and the other brands absolutely understand that, and we are working with them, and they're working with us, and we're all trying to get ahead. What we shouldn't forget is these are thieves. These are bad guys. These are people who are working day and night to try to hurt all of us; and all of us, together, have to do our best to thwart them, and that's what we're focused on.

David E. Mangum

So Jason, David, I'll add a little more color to that, too. We're all of a little over 3 weeks into this process. We have to complete the investigation portion of it, identify any things that require remediation and perform that remediation. We do expect to do just what Paul said, do that as expeditiously as possible, but we have to complete our work.

Jason Kupferberg - Jefferies & Company, Inc., Research Division

Okay. So in the meantime, what are the implications while you wait to get the ROC back? I mean...

Paul R. Garcia

Jason, I think that's an excellent question. So I think it's unclear. I would tell you this. It does not, and nor would anyone suggest that this would stop us from processing transactions. I think what was mentioned earlier is true. It could give our partners some pause that they're doing business with somebody who experienced a breach. Regardless of whether or not there's a ROC involved, someone experienced a breach. And that's why we are working very, very, very hard on fixing all of that.

Jeffrey S. Sloan

Jason, it's Jeff. I would just add that, as you know, in our business, we have long-term relationships with customers. As David rightly said, as we continue our work, whatever needs to be remediated and done to Visa and the other networks' satisfactions ultimately will be done, but these are long-term relationships with a lot of technical infrastructure around it. I think people understand what that means in terms of day-to-day operations. And for now, clearly, through Friday and starting today, around the world, it's business as usual.

Jason Kupferberg - Jefferies & Company, Inc., Research Division

Okay, very helpful. And then just to come back to sort of the investigation and the remediation, which I understand you can't be precise in terms of how long this will take, it sounded like it's not days, it's not months. So people are going to say, okay, maybe it's weeks, and you can debate how many weeks. But is it -- it will be resolution of that remediation over the next x number of weeks, for argument's sake; that will then allow you guys to reasonably estimate the charges and costs associated here? I mean, that's how we should be thinking about the sequence of events.

Paul R. Garcia

So Jason, let me say this. Firstly, I think you said it extremely well. We understand there are 2 things hanging over us, right, getting this ROC back and identifying the exact onetime charge associated with this. Now we are doing our very best to see both of those happen as quickly as possible. And I think there's still -- it's still developing. It's still going on and there's still cost. David needs time to get his hands around all of that. But we will -- we're trying to do that as quickly as possible. If you push me, I would say maybe the ROC comes before the charge comes, probably in that order, but hopefully, it's as soon as possible.

Operator

Your next question comes from Glenn Fodor with Morgan Stanley.

Glenn Fodor - Morgan Stanley, Research Division

Your confidence level that the 1.5 million account figure represents the upper end of the range. I know this is a moving target and it's variable, but it’s a big difference from 10 and refreshing, but how can we just kind of range-bound the -- how much this could move here?

Paul R. Garcia

Yes. That's a great point. So you can be sure that we worked very hard on that and we looked at every piece of data we could possibly look at and then allowed ourselves some expansion. I mean, we're trying to do this in a way that puts our hands around it. We don't have complete clarity of information. So you have to come up with a number that we all believe is reasonable. We all believe this number to be a reasonable limit. Now we obviously understand if this were to go beyond that, we'd have to deal with that, and of course, we would, but that's not our expectation. And it's because of a lot of work and effort that we came up with that, so we have a high degree of confidence in that number. And if that were to change materially, of course, we would be out to you guys with that information.

Glenn Fodor - Morgan Stanley, Research Division

You guys have a lot going on internally as far as platform consolidation and data center reshuffling. Could this event impact any aspects of your strategy there?

Paul R. Garcia

Yes. I'd say the answer is no. This is what we're trying to do. We have almost 4,000 people at our company. We have probably 100 who are focused on this. And the rest of the people are running their businesses and signing up customers and operating their data facilities, et cetera. Now it’d be disingenuous to say that this didn’t -- wasn't distracting and that everyone in this room has clearly been working around the clock on this item and, quite frankly, will continue to. And that's going to be a little distracting, and you can only do so much in one day. So it does mean that some hours we could've spent on product innovation, et cetera, we push that off. But we're going to get back focused on that as soon as we can, and the rest of the company's already focused on it. So business as usual sounds a little trite, but we're trying to make that just exactly what that is: business as usual.

Glenn Fodor - Morgan Stanley, Research Division

And then just last question, you said you made changes and there's still more changes to be made. I mean is that something where the networks will come in and help advise you on what needs to be done, so you can fall back into compliance? How -- yes, that's basically my question. How much has been done already? I mean, was it just to plug the leak, and is it a whole lot more work to have the ongoing patch, if you will?

Paul R. Garcia

Well, that's another excellent question. So Glenn, let me just say a couple things, which is not typical in these scenarios. Remember, we self-reported this. We self – we determined it ourselves; no one came to us. And I think there is a kind of a, that's great; you guys did that and that's the way these things should work. Now how did they get in, in the first place? That's not a good thing. So we absolutely recognize that and assume full responsibility for it. Just detecting it early is a good thing but it doesn't necessarily -- it doesn't forgive us from trying to stop it altogether. So we are focused on that aspect of it. The associations are working collaboratively with. They've been terrific to date. And they have forensic experts that are working collaboratively with us to get this done, and we will work arm in arm with them until it's resolved.

Operator

At this time, I will now turn the call over to Paul Garcia for earnings commentary.

Paul R. Garcia

Thank you, operator, and let me say, too, when we go to questions on the earnings, obviously, we'll continue to entertain questions on the data breach. So if you feel you want to ask some more of those, absolutely. We just wanted to get this out here, too, because as we said, we're running our business, and we're pleased with our results, and we want to share them with you and give you an opportunity to ask some questions about that, as well.

Okay. So now for Q3. We did have a strong revenue and cash earnings per share performance in the Q, both resulting in 17% growth over prior Q3 to $534 million in revenue and $0.83 of cash EPS. Our revenue this quarter also included a partial benefit from the 3 acquisitions we announced last quarter. These collectively added about 1 percentage point to total company revenue growth, and these acquisitions are all on target financially for the quarter. Let me just remind you what those 3 were. They included the merchant business with more than 6,000 merchants from Alfa-Bank, increasing our footprint in Russia. It was HSBC's merchant acquiring business in Malta consisting of about 4,000 merchants and a portfolio of approximately 9,000 U.S. eCommerce merchants from CyberSource.

For the third quarter, North America delivered revenue growth of 15%, driven largely by our U.S. ISO channel, with continued solid performance from our gaming and direct businesses. Although Canadian transactions grew 6% on a transaction basis, Canada did not meet our internal expectations and posted a revenue decline of about 5% in local currency, and it's primarily due to spread compression.

Our international segment produced another very strong quarter, with revenue growth of 23% fueled pretty much by all regions across Europe. Asia's revenue grew at a somewhat slower rate at 8%, in part due to an intentional exit from a major airline processing relationship. We exited that relationship.

I'm pleased to announce, very pleased to announce -- and a lot of people have been waiting for this. I'm very pleased to announce that we have received formal approval to process China UnionPay renminbi transactions in much of Guangdong province and consistent with the manner in which China UnionPay defines its geographic regions. So it's not all of Guangdong, but it's like cities like Guangzhou. This is a region with 80 million people, so this is probably covering 60 million of them. We continue to focus on expanding our renminbi merchant-acquiring capabilities to all of PRC, and we're making progress.

For the current fiscal year, we anticipate Asia's revenue growth to be about 10%. I'll now turn it over to David. David?

David E. Mangum

Thank you, Paul. North America merchant services revenue growth of 15% was fueled by U.S. transaction growth of 13% and also the positive effect of the debit legislation changes. North America revenue growth was negatively affected by Canadian performance and unfavorable Canadian foreign currency exchange rates. And as a result, North America cash operating income or EBIT dollars were down 1% for the third quarter over prior year. For fiscal 2012, our expectation for the U.S. remains unchanged at mid-teens revenue growth. We now expect Canada revenue to be about flat to as much as 1% up over last year in local currency.

Our international segment delivered strong results. International cash operating margin increased to 37.2% compared to 35% in the prior year. We continue to expect full year revenue growth for fiscal 2012 in U.S. dollars to be about 30%.

For the quarter, we generated free cash flow of $56 million. This includes about $17 million in first-time cash distributions to our bank partners in Spain and Asia. Excluding these distributions, free cash flow would have been $73 million for the quarter. We define free cash flow as net operating cash flows, excluding the impact of settlement assets and obligations, less capital expenditures and distributions to noncontrolling interests.

During the quarter, we spent $36 million on capital expenditures, a substantial portion of that on data center and network infrastructure initiatives. Our third quarter tax rate, based on the face of the income statement, was about as expected at about 28% on both a cash and GAAP basis. We continue to expect our full year tax rates to be about 29%.

During the quarter, on a year-over-year basis, currency changes had a slightly unfavorable effect on each of GAAP and cash revenue and earnings by about $5 million and $0.02 per share. We continue to believe the aggregate effect of currency will likely be about neutral to slightly positive to our earnings per share for fiscal 2012 compared to 2011 due to the general strengthening of the U.S. dollar to date and our outlook for the rest of the year. Fluctuations in exchange rates, in particular, rapid further strengthening of the U.S. dollar, could cause variances to our outlook.

In closing, we continue to expect seasonal improvement across our global markets along with some incremental new business in our U.S. card, gaming and Greater Giving channels to drive sequential benefits in our fourth quarter. And now I'll turn the call back over to Paul.

Paul R. Garcia

Thank you, David. And based on our current outlook and assumptions, we continue to expect our annual fiscal 2012 revenue to be in a range of $2.15 billion to $2.2 billion, reflecting 16% to 18% growth, and our cash earnings per share to be in a range of $3.50 to $3.58, reflecting 14% to 16% growth over fiscal 2011. We now expect a GAAP diluted earnings per share range of $3.10 to $3.18, representing 19% to 22% growth over the prior year and reflecting planned cost savings initiatives in the fourth quarter. Excluding the impact of the debit legislation and our recent acquisitions, we plan to expand cash operating margins in our core business by as much as 50 basis points for the total company for fiscal 2012.

Operator, we'll now go to questions.

Operator

[Operator Instructions] Your first question comes from David Koning with Robert W. Baird.

David J. Koning - Robert W. Baird & Co. Incorporated, Research Division

First of all, just in North America, you mentioned EBIT was down just a bit year-over-year. I'm wondering if you can give us kind of the size of Durbin, so we can kind of get a thought of what maybe core EBIT was down and then kind of how you see that playing out. We've had a few -- like 3 or 4 good quarters of growth, and now it's kind of turned the other way. Maybe you can just give us a little commentary on that.

David E. Mangum

Yes, David. This is David. Relative to the debit legislation, when we were together last quarter, we talked about it adding on the order of $40 million of revenue and certain earnings, and we incorporated that in the guidance. So I think what we can do for now is give you a little more color on that. We're not going to parse Durbin any further in terms of actual performance, and I'll come back to that again in a moment for a couple of interesting reasons. But I will tell you Durbin is roughly on track, probably a little ahead on the revenue side. But what's become very interesting is -- we mentioned to you a couple times on the way to the actual implementation of Durbin, and then even in that first quarter, that we thought it would be transitory, and we're indeed seeing evidence of that in the market as we speak. Evidencing that, we've seen behaviors even from some of our partners that suggest that Durbin had its own influence in some ways that maybe even we didn't anticipate. For example, fees we've seen ISOs charge annually for certain months of the year that occurred in this quarter were not repeated. And our suspicion, of course, is that's in light of any debit legislation benefits, and it really shows the market is still, being -- our partners still being quite circumspect and making sure that all the proper economics are being returned to the proper places as part of this. So it's very difficult to even think about parsing the legislation at this point. So I think we'll stick with -- we incorporated it in the guidance last quarter. It's a little ahead in and of itself on the revenue line. But when you start looking at the overall market, I'm not certain we can even say that with absolute definity.

David J. Koning - Robert W. Baird & Co. Incorporated, Research Division

Okay. And then just on the EBIT side, I mean, do you expect declines to continue? And then quickly on just the breach, does that affect your ability to make acquisitions or buy back stock?

Paul R. Garcia

Right. So in order, I think that we expect EBIT growth in North America in Q4. We expect to see -- our Q4 expectations obviously imply fairly typical seasonality, frankly, around the world in the markets where we're used to seeing that. That would include U.S. and Canada. So all in, we expect nice growth in Q4 in North America, obviously nice growth abroad in order to achieve the levels we're talking about when you look at doing the math of the guidance for the fourth quarter. Relative to capital planning, our priorities remain the same. While we work our way through the investigation -- and just to go back to the earlier questions, we've got to work our way through the investigation, work our way back through any of the remediation required on the ROC since that's been a question several times. That will take whatever time it takes. We can't define that right now, but we'll keep you posted as we go through the process. So as we work our way through that, I think you may see us be a little more circumspect about the deployment of capital and think about our resources. That does not mean we're not open for business, not continuing the same path and same priorities, but perhaps a little more circumspect about substantial outlays at any given time, and we'll be back to you on that as things evolve.

Operator

Your next question comes from Tien-Tsin Huang with JPMorgan.

Tien-Tsin T. Huang - JP Morgan Chase & Co, Research Division

I guess just on Durbin, just parsing through your answer to David's question, does that imply that the margins were a little bit worse than you expected? I know it was running well ahead of what we had modeled. But I'm curious if it's just in the 20 basis-point impact range, understanding that it's tough to parse through the details.

Paul R. Garcia

Yes. I think if you try to isolate it, Tien-Tsin, you'd say, hey, if revenue is over-performing and it's coming from the ISO channel, by definition, the headwind's a little north of what one might've modeled.

Tien-Tsin T. Huang - JP Morgan Chase & Co, Research Division

Right, right. But still in that range, or are we talking about a significant difference in...

Paul R. Garcia

No, we're still in that range, and that's why, quite frankly, we're not going back and re-parsing. What we said to you was the core business would expand its margins on the order of 50 basis points, excluding the 3 acquisitions as well as the legislation. We're still on track for that, and we're still on track for the resulting net opportunity for expansion as well and plus or minus a few basis points. No reason to parse that for you.

Tien-Tsin T. Huang - JP Morgan Chase & Co, Research Division

Okay, good. The Canada piece, the spread compression, a little bit worse than what we expected. So what's driving that? Is it just a competitive change going on there, or is it, perhaps, tied to some of the regulation that's happening there? Just curious.

Jeffrey S. Sloan

Hey, Tien-Tsin, it's Jeff. I'll take a stab at Canada, and of course, David can add as well. I would say that on the spread compression continues. I think it is a very competitive market. We're actually relatively sanguine with our volume growth in Canada as we believe that we're growing north of Canadian GDP, well north of it, as well as north of the organic rate of growth in the Visa and MasterCard volume and transaction counts in Canada. We have seen, though, the spreads outweigh that, which is the genesis of Paul and David's commentary. I believe that's a function of 2 things, Tien-Tsin. First, competition continues in Canada, so I think it's a very competitive marketplace. Second, at the margin, the Canadian economy did not get as high as the U.S. economy did in '07 and '08. It didn't get as low as the U.S. economy did in '08 and '09, but it hasn't recovered to the same extent that the U.S. economic data has indicated that the United States has. So if you think about, Tien-Tsin, the richness of spread, a lot of that is in the small to midsize business segment around the world, but including in Canada. That part has been impacted both by competition as well as by the factors around the Canadian economy that we're seeing. So we're pleased at volume growth, but the spread compression, it more than offsets what we're seeing in terms of market share movements.

Tien-Tsin T. Huang - JP Morgan Chase & Co, Research Division

Okay. That makes sense. Just one more, if you don't mind, just on the breach, then I'll jump off. Just the 1.5 million cards, obviously, pretty small versus what we saw at TJ Maxx and Heartland. I'm curious if -- is it fair to size the impact and we look at those as case studies to help try and frame the impact? I don't know if it's a linear relationship or not, but it seems like it's got to be pretty small in relation to the other financial impacts that we saw those 2 cases. Is that fair?

Paul R. Garcia

Tien-Tsin, I have to tell you that we really can't tell you that is fair at this point. I think we have to continue to size the investments and all the things you have to do to remediate it. We don't think we'll be coming back to you saying it's more than 1.5 million cards. But I don't think you could take $1 cost on someone else and put it towards this. If anything, it could be much higher than that because of the smaller number, but still the cost associated. But I can say this. This is manageable. We will get through this. I will tell you that, absolutely, positively. Now it might be bigger than we'd like, but we're going to get through this. This is a onetime charge. We're going to better for it. We'll get through this, and the sooner we can tell you, the better. And that's what we're focused on.

Operator

Your next question comes from Ashwin Shirvaikar with Citibank.

The question has been withdrawn.

Your next question comes from Greg Smith with Sterne Agee.

Gregory Smith - Sterne Agee & Leach Inc., Research Division

Just back to Canada, is there anything you can do, or are you changing your strategy any? It just still seems like this was kind of a pretty quick change in the spread compression.

Jeffrey S. Sloan

Hey, Greg, it's Jeff. I'll answer that, and David and Paul, of course, can comment as well. The first thing I'd say is we continue to rightsize the business in Canada. So we are taking expense actions to deal with the continued spread compression that we described a few minutes ago. Number two, because the source of good spreads for us in any market, including Canada, is a small to midsized business segment, we have put in place analytical programs to help us minimize attrition generally, but to minimize attrition, in particular, in the higher spread businesses and really look at the lifetime value of customers in that market and around the world. So I would say on the analytical side, those actions have been taken and should start to take effect this coming quarter. We're also looking at selective addition of sales personnel in those markets where we have a sustainable spread and defensible technology advantage, and we'll make selective additional capital investments where appropriate. So I think our strategy hasn't changed in Canada. As I mentioned in Tien-Tsin's question, we're actually pleased with our volume performance relative to the market and our peers, but we just have to deal with the everyday reality of continued competition for spreads, as well as the economic environment in the marketplace in which we operate.

Gregory Smith - Sterne Agee & Leach Inc., Research Division

Okay. And David, do you have the impact from currency on the revenues handy in Canada?

David E. Mangum

In Canada, specifically?

Gregory Smith - Sterne Agee & Leach Inc., Research Division

Yes.

David E. Mangum

I’m sorry, I don't know if we go country by country, but certainly, the Canadian dollar hasn't moved that much, so you can certainly work your way back to it. Hang on one second, and I'll see if I can give you some help there. I'll tell you what, I'll just get back to you, Greg, on that, but we're not going to parse it by country, as you know. It was a negative impact but, at the end of the day, not enormous. This really is about the reasons Jeff's describing.

Gregory Smith - Sterne Agee & Leach Inc., Research Division

Okay. And then another question just on the data breach. So the issue with Visa and not being PCI-compliant, you can process transactions, but are you precluded from signing new merchants up? I mean, what does it really mean?

Paul R. Garcia

Greg, this is Paul. So the answer is we're not precluded from signing up new merchants. We're literally signing them right now. I mean, it's -- we already had our day in Asia, and I can promise you, they signed a lot of merchants. So it is -- that is not part of this. I think, Greg, this is -- as I said, this Catch-22 reference, I think, is a fair one. I mean, the associations -- you had a breach, it's difficult to say you're compliant. So I think we have to remedy that. But I wouldn't want to imply this is without teeth. This is not a good thing, not to have your ROC, and we're very focused on getting that reinstated. We take that very seriously. But it doesn't mean we can't process. It doesn't mean we can't sign merchants to be very, very, very clear.

Gregory Smith - Sterne Agee & Leach Inc., Research Division

But at some point, if you're not compliant, what's the ramification? I mean, don't you think...

Paul R. Garcia

Okay. No, I'd say if you ask me to speculate that, a year from now, we have major issues, I think the associations have to protect themselves, but no one, clearly, is anticipating any of those.

Gregory Smith - Sterne Agee & Leach Inc., Research Division

Okay, okay. I think that's pretty clear. And then just one last one, it's maybe not the time to talk about this, but just broadly throughout Europe, given some of the dislocation with banks there, have other opportunities popped up as far as potential acquisitions? I mean, anything we may see on that front?

Paul R. Garcia

The answer is yes. So I thought David answered that acquisition question superbly, but I will say that we do have a pipeline. We are focused on it. We know we want to take a deep breath here and get through all of this right now, but we absolutely have some great opportunities, including some internationally and just exactly what you said. So stay tuned. We're hopeful.

Operator

Your next question comes from Darrin Peller with Barclays.

Our next question comes from Sanjay Sakhrani with KBW.

Sanjay Sakhrani - Keefe, Bruyette, & Woods, Inc., Research Division

Just a quick question on Asia. I think the revenue guidance there also was a little bit tempered. Could you just talk about what specifically drove that?

David E. Mangum

Yes, Sanjay, it's David. So for the quarter, we posted 8%, which is a little softer than what we might have expected. I think we pointed out in Paul's prepared comments that we did intentionally exit a major merchant relationship in Asia. That was a regional airline for whom we were processing with full indemnity from a bank partner. The indemnity expired, and we were unwilling to proceed without a reserve. So that took the edge off some of the growth, and it will again in Q4 if you marry that to a couple other thoughts. So we're looking at about 10% growth overall. Remember, we've had, on full year basis, the grow-over challenges, particularly last quarter, with the major merchant product launch, the nameless merchant from a year or so ago. So if you marry those together, you kind of get to this sort of 10% level. I guess I'd remind everyone on the call that a couple of points of growth in Asia for this quarter, 8 versus a 10. It's all $700,000 of revenue inside this company. So all in, plus or minus, we're about where we thought we were in Asia. It's probably a little minus. Your point is fair, and your question's absolutely fair. As we head into Q4, we're expecting a bit of an uptick in our DCC volumes and indeed our volumes overall. We may do a couple of targeted re-pricings as well. So we think we have Asia on track. We really weren't surprised but your question’s fair. It's a little light of what we might hoped for, for Q3 and what we expected for Q3.

Paul R. Garcia

Sanjay, let me add some color. This is Paul Garcia. The reality of Asia isn't that we generate a couple million more in revenue per quarter one way or the other. The reality of Asia, I mean, if it goes from 10 to 11 to 12 to 15, I'm going to be very disappointed. Asia is all about getting the real opportunity mined in China, and this announcement about Guangdong and Guangzhou is huge for us. And it's going to take a while to materialize, but it is a very important flag planting. Ditto with India. That's the other big market. We're focused on expanding our presence there. And so that is the real excitement and juice about Asia, and we are continuing to focus on delivering on that. And I’m hopeful in a couple years, that's what we'll be saying. We just have continued expansion in all these geographies.

Sanjay Sakhrani - Keefe, Bruyette, & Woods, Inc., Research Division

I completely understand. And then just one follow-up on the breach. I hate to beat the dead horse, but I just want to make sure I understand this not being a Visa-compliant issue. I mean, is there any liability, kind of impact from a liability increase or anything like that, a financial impact related to that? And then also, have you gotten any clarity from how MasterCard expects -- from MasterCard on how they expect to respond?

David E. Mangum

Sanjay, it's David. I think we'll wrap up liability into, hopefully, one conversation in the future when we've completed the investigation and we know how all these pieces come together. We obviously don't know that right now, hence, we can't quantify, can't reasonably estimate. Hence, I guess just to be really painfully clear, this is not in our expectations for the year on a GAAP basis. We'll be back to you on that when the time is right. We're going to have to roll all that up into one conversation at that time.

Paul R. Garcia

I would say clearly not being PCI-compliant has financial liabilities, and that's part of the number that we'll quantify eventually, and the sooner the better. Okay. Sanjay, sorry.

Sanjay Sakhrani - Keefe, Bruyette, & Woods, Inc., Research Division

And then MasterCard, any comments? Because I didn’t catch that.

Paul R. Garcia

Okay. On the MasterCard, the answer is what's MasterCard's expected -- and there's other card brands here involved, too. I would say that it wouldn't be unexpected to have MasterCard take similar action. We're working hand in glove with them, you can be sure. And their primary interest is to be very thoughtful and very thorough, and they are doing that.

Operator

Your next question comes from Dan Perlin with RBC.

Daniel R. Perlin - RBC Capital Markets, LLC, Research Division

I just got a few on the breach and one on the quarter. Can you confirm that the BINs have been shut off for the 1.5 million cards, meaning the -- what I'll say deactivated?

Paul R. Garcia

Well, no. We can't. I think, Dan, I wouldn't even know how to answer that. I think that the card issuers deal with this in all manners of way, right? They look for any fraudulent activity. And it's very important to understand that, that doesn't necessarily translate -- I mean, having someone's number doesn't translate to that being a fraudulent transaction. It means they had access to it. It doesn't mean it results in fraud activity or cards being issued or any of that, and we don't know that; that's developing. Of course, we're responsible for that, and we will absolutely stand tall and pay that. But how the banks handle that really -- not banks necessarily. How the card-issuing institutions handle that is really up to them. But I will tell you, they have time-proven, really thorough ways of doing it. Consumers, regrettably have cards replaced all the time, and it’s just kind of matter of course, in this industry. I mean, it's a dangerous world out there. But they do a superb job of doing this for the consumer, protecting their consumer completely, and we're going to play our role to make sure all of that works seamlessly.

Daniel R. Perlin - RBC Capital Markets, LLC, Research Division

Right. And just to be clear, you're on the hook for the replacement cost.

Paul R. Garcia

Absolutely, as we should be. Absolutely. We're absolutely are on the hook for that as we should be, and we stand tall to do that at any point. That's our obligation.

Daniel R. Perlin - RBC Capital Markets, LLC, Research Division

The act of processing a transaction as a non-PCI-compliant acquire typically means Visa and MasterCard are levying fines on you. Is that happening, currently?

David E. Mangum

Dan, we're going to talk about liability all in one conversation when we can reasonably estimate it and size it. We'll be back to you when we have that.

Daniel R. Perlin - RBC Capital Markets, LLC, Research Division

Can you remind us what the size of your insurance policy around all this stuff is?

David E. Mangum

Dan, we have insurance in place for events like this, but we have to know exactly what the pieces and the parts are and calculate it against the actual policies and work with our providers and our partners. So when we have numbers, we will be back to you.

Daniel R. Perlin - RBC Capital Markets, LLC, Research Division

All right. And then in Canada, the transactions were strong, revenues down. We're hearing that the ISO market in that region is heating up pretty significantly and the trend would suggest that. You guys have any thoughts around that?

Jeffrey S. Sloan

Yes, Dan, it's Jeff. I'll take that. So we're pleased to have a number of our ISOs with us as partners in the Canadian market, and we're adding more as we speak. So we think that's a good thing. We've been operating with a number of our partners up there for some time, so I don't think that's new. If you go back to what David and I talked about a few minutes ago about what's going on in that marketplace, that is not driving the trends that we're seeing. Instead, it's just a very competitive market generally, augmented somewhat by a differential economic environment in terms of recovery relative to what you see in the United States. But if you go back to what I've mentioned, our volume growth, our transaction growth is good in that market. And if we can get more quality ISO partners up there, that is absolutely part of our plan.

Daniel R. Perlin - RBC Capital Markets, LLC, Research Division

But you think that with transaction growth, you can have incremental margins in that business, or are we going to have a similar problem to what we see in the U.S.?

Jeffrey S. Sloan

Well, I think it's, order of magnitude, different today in terms of the contribution of the ISOs in the Canadian marketplace versus what it is in the United States. We have a very large national business, for example, that we purchased a long time ago in Canada. So it's a little bit apples and oranges. But I would tell you the way we think about it, Dan, as a tactical matter within the company is we welcome our partners to come up to Canada. So I'm not concerned about that issue in the near term, nor do I think that's impacting the spreads that we described some time ago.

Operator

Your next question comes from Chris Brendler with Stifel, Nicolaus.

Christopher Brendler - Stifel, Nicolaus & Co., Inc., Research Division

On the breach front, I know it's still early, but is there any way you could characterize in terms of where the breach occurred in your systems, where that particular system was from a technology upgrade standpoint? I mean, I know you have the G2 platform. You invested a lot. Was this within G2, or is it outside G2? Was it a legacy system that was breached? Can you give us any color on that front?

Paul R. Garcia

So Chris, so let me clarify a couple things. Number one, remember, this was self-detected so the loss prevention software we had in place to determine these types of intrusions actually worked, but it didn't work perfectly enough to stop them. So partly, it worked; partly, it didn't. And we are focusing on where that happened and remediating it. You can be sure of that. We're not going to share any specific details on exactly other than it's confined in North America. It's a number of servers based, and there's a massive number that were not implicated. And that's all we can say on that. And partly, Chris, honestly, this is an ongoing federal investigation, and we got to let them do their work.

Christopher Brendler - Stifel, Nicolaus & Co., Inc., Research Division

Sorry, I understand that. So I guess on a related question, the North American operating margin is down this quarter. And with the security issues confined in North America, I was wondering if you had any sense of – are we looking at a little lower margin in North America for the near term as you address security issues as well as what's going in the marketplace? And if you could just give us a little more color as to security issues on North American margins. And also, I didn't catch if you had a U.S. transaction number and how the core business is doing in the U.S. would also be helpful from a transaction count.

David E. Mangum

Sure. So, Chris, this is David. I'll start where we were before the -- we're not in a position to quantify the impact of the incident. When we are, we'll talk to you about it. Obviously, in Q4, with the new sales, the new merchants we're boarding for our gaming, the uptick we see seasonally in Greater Giving, we're expecting EBIT and margins to tick up nicely in North America in Q4. If you want to project forward without quantifying, because we're not in a position to do it, it's fair to say incremental investments, say, in 2013 or something along those lines. Once we're through our investigation, through any remediation, it all revolves around anything we can quantify for you relative to the incident. Many of our IT investments do indeed hit the North American merchant services income line. So it's fair to think about it in that way. But until we can quantify either of these, the impact of the intrusion, much less the ongoing investment levels, I can't give you a great quantified answer. But from a color perspective, I think you're thinking about the geography of the income statement in the right way.

Christopher Brendler - Stifel, Nicolaus & Co., Inc., Research Division

Right. And then on transactions, I saw -- I think we had 13% transaction growth in the U.S. last quarter. Can you talk about how you caught that number for this quarter?

Paul R. Garcia

Yes, it was 13% again, Chris.

Operator

At this time, we have reached the allotted time for questions and answers. I will now turn the call back to Paul Garcia for closing remarks.

Paul R. Garcia

Well, ladies and gentlemen, thank you very much, and we appreciate your interest in Global Payments.

Operator

Thank you. This concludes the conference. You may now disconnect.

Copyright policy: All transcripts on this site are the copyright of Seeking Alpha. However, we view them as an important resource for bloggers and journalists, and are excited to contribute to the democratization of financial information on the Internet. (Until now investors have had to pay thousands of dollars in subscription fees for transcripts.) So our reproduction policy is as follows: You may quote up to 400 words of any transcript on the condition that you attribute the transcript to Seeking Alpha and either link to the original transcript or to www.SeekingAlpha.com. All other use is prohibited.

THE INFORMATION CONTAINED HERE IS A TEXTUAL REPRESENTATION OF THE APPLICABLE COMPANY'S CONFERENCE CALL, CONFERENCE PRESENTATION OR OTHER AUDIO PRESENTATION, AND WHILE EFFORTS ARE MADE TO PROVIDE AN ACCURATE TRANSCRIPTION, THERE MAY BE MATERIAL ERRORS, OMISSIONS, OR INACCURACIES IN THE REPORTING OF THE SUBSTANCE OF THE AUDIO PRESENTATIONS. IN NO WAY DOES SEEKING ALPHA ASSUME ANY RESPONSIBILITY FOR ANY INVESTMENT OR OTHER DECISIONS MADE BASED UPON THE INFORMATION PROVIDED ON THIS WEB SITE OR IN ANY TRANSCRIPT. USERS ARE ADVISED TO REVIEW THE APPLICABLE COMPANY'S AUDIO PRESENTATION ITSELF AND THE APPLICABLE COMPANY'S SEC FILINGS BEFORE MAKING ANY INVESTMENT OR OTHER DECISIONS.

If you have any additional questions about our online transcripts, please contact us at: transcripts@seekingalpha.com. Thank you!

Source: Global Payments' CEO Discusses Q3 2012 Results - Earnings Call Transcript
This Transcript
All Transcripts