Credit card processor CardSystems is likely to close following last month's theft of 40 million client records. The company lost two of its main customers last week, Visa and American Express. 

CardSystems chief executive John Perry told the US House of Representatives last week that the firm will "be forced to permanently close its doors" unless the two credit card companies reconsider.

Perry testified in a hearing about the security of credit card processing for a subcommittee on financial services. A PDF of his testimony is available for download here. 

Visa sent a memorandum last week to inform banks that the credit card provider plans to cancel its contract with CardSystems.

"In violation of Visa's rules [CardSystems] did not have the appropriate controls in place to protect cardholder information," Rosetta Jones, vice president for Visa, told vnunet.com.

"Despite some remediation actions taken by the processor since the initial reporting of the data compromise, Visa cannot overlook the significant harm that the data compromise, and CardSystems' failure to maintain the required security protection, has had on Visa member financial institutions, merchants and cardholders."

American Express followed Visa's example, while MasterCard has extended its deadline until 31 August for CardSystems to prove that it complies with the firm's security requirements.

In what is believed to be the largest case of identity theft in history, hackers stole 40 million client records from CardSystems' database. MasterCard made the case public after its fraud fighting tools pointed out the hack.

CardSystems stored data in such a form that the hackers were able to trace the information back to individual accounts.

Perry acknowledged that this was in violation of the security standards demanded by Visa and MasterCard, and testified that the firm no longer stores such 'track data'.

The breach of CardSystems' computers dated back to September 2004, when a script was installed on its servers that periodically looked for specific file types.

"We know for certain that three files were wrongfully removed from the CardSystems platform," said Perry. The three files contained a total of 263,000 records for 239,000 account numbers.