Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | As a technology company in the global payments industry entrusted with the safeguarding of sensitive information (including personal information), cybersecurity risk management is an integral part of our overall enterprise risk management program. A robust program to protect our network from cyber and information security threats is critical to managing risk effectively. Our network and platforms incorporate multiple layers of protection, providing greater resiliency and security protection. Our programs are assessed by third parties and incorporate benchmarking and other data from peer companies and consultants. We engage in many efforts to mitigate information security challenges, including maintaining an information security program, an enterprise resilience program and insurance coverage, as well as regularly testing our systems to address potential vulnerabilities. We work with experts across the organization (as well as through other sources such as public-private partnerships) to monitor and respond quickly to a range of cyber and physical threats, including threats and incidents associated with the use of services provided by third-party providers. Our cybersecurity program provides (among other things) a framework for handling cybersecurity threats and incidents, which includes steps for identifying the nature of a cybersecurity threat (including whether the threat is associated with a third-party provider), assessing the severity of a cybersecurity threat (including advancing to key members of management where appropriate for determination of potential materiality) and implementing cybersecurity processes and procedures. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | As a technology company in the global payments industry entrusted with the safeguarding of sensitive information (including personal information), cybersecurity risk management is an integral part of our overall enterprise risk management program. A robust program to protect our network from cyber and information security threats is critical to managing risk effectively. Our network and platforms incorporate multiple layers of protection, providing greater resiliency and security protection. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our Board and Risk Committee have specific oversight responsibilities with respect to cybersecurity and privacy risk: •Board: Understanding the issues and risks that are central to the Company’s success, including cybersecurity matters
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board and Risk Committee have specific oversight responsibilities with respect to cybersecurity and privacy risk: •Board: Understanding the issues and risks that are central to the Company’s success, including cybersecurity matters •Risk Committee: Overseeing risks relating to our policies, procedures and strategic approach to information security (inclusive of cybersecurity), privacy and data protection, among other things In general, the Audit Committee and Risk Committee coordinate to oversee our guidelines and policies with respect to risk assessment and risk management and our Audit Committee discusses our financial and operational risk exposures and the steps management has taken to monitor and control such exposures. In this context, the Audit Committee would be informed of a material cybersecurity incident that could have a potential impact on our financial statements.
|
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Given the importance of information security and privacy to our stakeholders, our Board receives an annual report from our CSO to discuss our program for managing information security risks, including cyber and data security risks. The Risk Committee also receives periodic briefings on data privacy from the Chief Privacy and Data Responsibility Officer. Our Risk Committee receives regular reports on our cyber readiness, our risk profile status, our cybersecurity programs, material cybersecurity risks and mitigation strategies, third-party assessments of our cybersecurity program and other cybersecurity developments. The Risk Committee Chairperson provides reports to the Board on such topics. Our Board and the Risk Committee also receive information about these topics as part of regular business, legal and regulatory updates. In addition, we engage directors as part of cybersecurity and data breach incident simulations. |
| Cybersecurity Risk Role of Management [Text Block] | Management responsibilities We have a core group of senior executives who are responsible for assessing and managing risk and implementing policies, procedures and strategies pertaining to security governance, data protection and privacy. These executives include: •Chief Security Officer (CSO), who develops and oversees the programs, policies and controls we have implemented across the organization to reduce and prevent logical and physical risks, including information security and cyber risks to our people, intellectual property, data and tangible property •Chief Privacy and Data Responsibility Officer, who establishes and oversees the programs, policies, processes and controls we have implemented across the organization to ensure compliance with worldwide laws and regulations regarding how we collect, use, share, store, transfer and otherwise process data and utilize AI, while also managing our relevant engagements with regulators, policymakers and key stakeholders •Chief Data Officer, who establishes and oversees our efforts to maintain an ethical, responsible enterprise data program that adheres to our high standards for data quality, curation and governance while minimizing data risks •Data Protection Officer, who reports to the Chief Privacy and Data Responsibility Officer and, with the support of the Global Data Protection Office, ensures that we continue to adhere to the GDPR and local privacy requirements, including by handling privacy requests from individuals and regulators In order to be appointed to one of the roles described above, we require expertise with cybersecurity or data privacy (as applicable), as demonstrated by prior work or other cybersecurity or data privacy experience or possession of a cybersecurity or data privacy degree or certification. Each individual currently serving in these roles meets the applicable expertise requirements. How management is informed of and monitors incidents Our management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risks are monitored, implementing appropriate mitigation measures and maintaining our cybersecurity programs. Our cybersecurity programs are under the direction of our CSO (in coordination with our Chief Privacy and Data Responsibility Officer and Chief Data Officer, among others), who receives reports from our cybersecurity teams and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents. Our management, including the CSO and our cybersecurity teams, follow a risk-based escalation process to notify the Risk Committee outside of the regular reporting cycle as appropriate when they identify an emerging risk or material issue.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Chief Security Officer (CSO), who develops and oversees the programs, policies and controls we have implemented across the organization to reduce and prevent logical and physical risks, including information security and cyber risks to our people, intellectual property, data and tangible property •Chief Privacy and Data Responsibility Officer, who establishes and oversees the programs, policies, processes and controls we have implemented across the organization to ensure compliance with worldwide laws and regulations regarding how we collect, use, share, store, transfer and otherwise process data and utilize AI, while also managing our relevant engagements with regulators, policymakers and key stakeholders •Chief Data Officer, who establishes and oversees our efforts to maintain an ethical, responsible enterprise data program that adheres to our high standards for data quality, curation and governance while minimizing data risks •Data Protection Officer, who reports to the Chief Privacy and Data Responsibility Officer and, with the support of the Global Data Protection Office, ensures that we continue to adhere to the GDPR and local privacy requirements, including by handling privacy requests from individuals and regulators
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | In order to be appointed to one of the roles described above, we require expertise with cybersecurity or data privacy (as applicable), as demonstrated by prior work or other cybersecurity or data privacy experience or possession of a cybersecurity or data privacy degree or certification. Each individual currently serving in these roles meets the applicable expertise requirements. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risks are monitored, implementing appropriate mitigation measures and maintaining our cybersecurity programs. Our cybersecurity programs are under the direction of our CSO (in coordination with our Chief Privacy and Data Responsibility Officer and Chief Data Officer, among others), who receives reports from our cybersecurity teams and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents. Our management, including the CSO and our cybersecurity teams, follow a risk-based escalation process to notify the Risk Committee outside of the regular reporting cycle as appropriate when they identify an emerging risk or material issue. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |