INDEX / DIRECTORY / WORLDPAY / DIGITAL

WorldPay DIGITAL

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-06-16
Digital Score 0.00 /10 E WorldPay - BDS-1000 165
Digital 0.00

Evidence-only forensic audit. Scoring happens downstream - see the main dossier for the composite assessment.

Digital Audit: Worldpay

Audit Phase: Digital (Digital / Technology Forensics) Subject Entity: Worldpay (operating subsidiary of Global Payments Inc., NYSE: GPN, as of January 2026) Registered/Operational Context: Global payments processor; US-parented group headquartered in Atlanta, Georgia, following the January 2026 acquisition of Worldpay from GTCR and FIS Audit Date: June 2026 Evidence Base: Published corporate disclosures, SEC filings, vendor and acquirer press releases, Worldpay/Global Payments developer documentation and careers postings, trade and technology press, and court/security reporting. All factual claims are drawn from publicly available sources cited in the End Notes.

Scope and directionality note: Digital assesses the digital/technology nexus to Israel. The serious case is the provision of surveillance, digital, data, or cyber technology to the Israeli state, military, or security services. The reverse direction - Worldpay procuring technology from Israeli-origin vendors, or operating an engineering presence in Israel - is recorded explicitly as such and weighted far lower than provision. No transitive guilt is imputed: an Israeli vendor’s other clients, its founders’ military backgrounds, or a parent group’s separate activities are not attributed to Worldpay. US-entity relationships (AWS, Google Cloud, Microsoft) are not Israeli-origin and are noted only for completeness. A cyberattack or vulnerability suffered by Worldpay is recorded as something done to the company, not as provision.

Enterprise Technology Stack & Vendor Relationships

Corporate Context (Direction: not applicable - structural)

Global Payments Inc. completed its acquisition of Worldpay from GTCR and FIS on 9 January 2026, in a transaction valued at $24.25 billion in cash and stock; the consideration paid to GTCR comprised approximately $6.2 billion in cash and 43.3 million Global Payments shares, leaving GTCR with roughly 15% of Global Payments’ equity.12 Concurrently, Global Payments divested its Issuer Solutions business to FIS, positioning the combined entity as a commerce-solutions provider.12 Worldpay now operates as a subsidiary of Global Payments Inc., a US-headquartered entity, and group-level technology decisions are made at the parent level.1

Cloud and Platform Stack (Direction: Worldpay as customer of US vendors)

Worldpay’s published engineering documentation and a vendor case study identify Amazon Web Services (AWS) as primary cloud infrastructure, with Red Hat OpenShift and Kubernetes for container orchestration; Worldpay’s own careers postings further describe experience across AWS, Microsoft Azure, and Google Cloud Platform, with Terraform, Helm, Prometheus, Grafana, the ELK stack, and Snowflake.34 A Sysdig customer case study names Worldpay’s use of Sysdig Secure and Sysdig Monitor (Sysdig is a US-founded cloud-security firm) alongside open-source Falco and Open Policy Agent.3 At the parent level, Global Payments and AWS announced a multi-year collaboration in 2020 to build a cloud-based issuer-processing platform handling approximately 27 billion transactions annually; that issuer business was the unit divested to FIS in 2026.5 Global Payments also appears as a Google Cloud partner and has published a Cloud SQL resilience case study.4 All of these are US-origin vendor relationships in which Worldpay/Global Payments is the customer; none is an Israeli-origin relationship.

Israeli-Origin Technology Vendors

No public evidence identified of a confirmed, primary-sourced contractual relationship in which Worldpay or Global Payments procures technology from a named Israeli-origin vendor. The financial-services sector is broadly served by Israeli-founded cybersecurity firms (e.g. CyberArk, Check Point, Wiz, SentinelOne) and by the Israeli-origin financial-crime vendor NICE Actimize, but none of these was tied to Worldpay’s environment by any procurement record, customer press release, or named-customer disclosure located in this review. Third-party “technology-user” databases and product-comparison/review aggregators are compiled by inference and are not treated as evidentiary. (A historical FIS–NICE Actimize financial-crime partnership is recorded separately below.)

Procurement Transparency Constraints

Worldpay’s Data Processing Addendum states that the company maintains a list of third-party suppliers with access to Merchant Personal Data on its Client Portal, behind authentication; the substantive sub-processor list is therefore not in the open public domain.6 Worldpay and Global Payments are private-sector entities not subject to UK/EU public-procurement disclosure for their security and IT stack. Vendor relationships below the level of named, publicly announced partnerships are not publicly disclosed; this is the principal evidence gap in this domain.

Surveillance, Biometrics & Retail Technology

Biometric and Facial-Recognition R&D (Direction: internal R&D; no Israel nexus identified)

Worldpay has historically conducted in-house biometric payment R&D. In 2015 it publicly trialled a prototype “PED Cam” point-of-sale terminal with an upward-facing camera that captured an image of the cardholder at PIN entry and built a facial-recognition template, stored in a Worldpay-managed central database, to flag anomalous card use as a fraud-prevention layer.7 In November 2015 Worldpay employees participated in a finger-vein biometric payment proof-of-concept at the point of sale, run with Visa Europe Collab and the biometric startup Sthaler.8 These were internal fraud-prevention innovation trials; no public evidence identified that any resulting biometric technology was provided to, deployed for, or developed with the Israeli state, military, or security services.

Surveillance Technology Provision to State/Security Bodies

No public evidence identified.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Israel-Facing Payment and Settlement Infrastructure (Direction: commercial service into Israel)

Worldpay’s developer documentation publishes payout and domestic-payment coverage for Israel: the target settlement currency is the Israeli Shekel (ILS, country code IL), with domestic payments offering “T+1” earliest beneficiary credit and an 11:00 (UK time) cut-off, requiring a 23-character Israeli IBAN, bank name, and SWIFT BIC; international wire support into Israel is also documented.9 This describes a commercial payment-processing and payout capability into the Israeli banking system available to Worldpay’s merchant and PSP customers; the documentation does not name a specific Israeli clearing bank, and no public evidence identified that this constitutes provision of technology to the Israeli state or security apparatus as opposed to ordinary cross-border commercial payments coverage.

Sovereign Cloud Participation

No public evidence identified of Worldpay or Global Payments participating in an Israeli sovereign-cloud programme (e.g. Project Nimbus) as a provider. The group’s cloud relationships (AWS, Google Cloud, Azure) are contracted with US vendors.345

Data Residency

No public evidence identified of a disclosed Worldpay data-residency arrangement specific to Israel beyond the ILS settlement coverage noted above.

Defence, Intelligence & Security Sector Technology Relationships

Provision to Israeli Defence/Intelligence/Security

No public evidence identified that Worldpay or Global Payments provides payment, data, cyber, or digital technology to the Israeli Ministry of Defence, the IDF, or Israeli intelligence or security services.

Historical Financial-Crime Vendor Partnership (Direction: legacy parent as customer of Israeli-origin vendor)

In 2010 - long before Worldpay’s later corporate history under FIS (2019–2024) - NICE Actimize (the financial-crime division of Israeli-founded NICE Systems / NICE Ltd, HQ Ra’anana, Israel) announced an expanded enterprise financial-crime-management partnership with FIS, integrating Actimize’s employee-fraud detection into FIS core processing.10 This is an inbound (customer) relationship of FIS with an Israeli-origin vendor and predates Worldpay’s ownership by FIS; the press release does not name Worldpay, and no public evidence identified that NICE Actimize technology was embedded in the Worldpay payment platform specifically. It is recorded here for completeness, not as a Worldpay provision relationship.

AI, Algorithmic & Autonomous Systems

Worldpay FraudSight / Featurespace (Direction: Worldpay as customer of UK vendor)

Worldpay’s flagship AI fraud product, FraudSight, uses machine-learning models (supervised and unsupervised) for real-time fraud scoring across in-store and online channels; it has been integrated with partners such as Capital One’s fraud-decisioning engine for real-time data exchange.11 FraudSight was built in partnership with Featurespace, a fraud-AI vendor headquartered in Cambridge, United Kingdom (founded 2008), whose Adaptive Behavioral Analytics technology underpins the solution.1213 Featurespace was acquired by Visa (a US entity) on 19 December 2024.13 This is a UK/US-origin AI vendor relationship; no Israeli-origin nexus identified.

Other AI/Algorithmic Systems

Global Payments engineering roles in Israel (see Technology Ecosystem section) reference data and BI engineering, including Google BigQuery, indicating analytics/ML tooling within the group’s stack; these are internal-platform roles, not provisions of AI to any external state body.14 No public evidence identified of Worldpay supplying autonomous-systems or AI technology to Israeli military, security, or surveillance programmes.

Technology Ecosystem & R&D Footprint

Engineering Presence in Israel (Direction: company operating in Israel; group-internal)

Multiple live Global Payments careers postings confirm a Global Payments engineering/R&D office in Rehovot, Israel, with open and recent roles including Cloud Engineer, Senior Software Engineer, Software Engineer, Automation QA Engineer, and Senior Data & BI Engineer.1415 The Rehovot Cloud Engineer posting specifies securing cloud environments under DevOps best practice, requiring experience with Google Cloud Platform and AWS, Kubernetes, Jenkins/GitHub Actions CI/CD, and Terraform.15 This establishes that the Global Payments group (Worldpay’s parent) maintains a sustained engineering footprint in Israel. The public record reviewed does not definitively attribute this office to a specific prior acquisition, and does not establish whether its work is dedicated to the Worldpay product line, to legacy issuer/TSYS systems, or to shared group platforms; that attribution is unresolved on the available evidence. No public evidence identified that this engineering centre develops technology for the Israeli state, military, or security services; on the available record it is an internal corporate R&D site located in Israel.

R&D Partnerships and Innovation Labs

No public evidence identified of a Worldpay or Global Payments R&D partnership, accelerator, or innovation lab established jointly with Israeli state-affiliated bodies, the Israel Innovation Authority, or Israeli defence/security entities.

Civil Society Scrutiny & Regulatory History

Security Incidents Suffered by the Company (Direction: done TO the company)

Worldpay has been the subject of disclosed security weaknesses. In 2016–2017, security researcher Randy Westergren reported multiple vulnerabilities in Worldpay’s merchant portal, including an Insecure Direct Object Reference (IDOR) flaw that allowed an authenticated user to view other merchants’ transaction data - including the last four digits and expiry date of payment cards - which Worldpay subsequently fixed.16 Separately, predecessor entity RBS WorldPay disclosed a 2008–2009 data breach affecting roughly 1.5 million card records.17 At parent level, Global Payments Inc. disclosed a 2012 data breach affecting approximately 1.5 million card numbers that ultimately cost the company around $100 million.18 These are incidents inflicted on the company; no Israel nexus is identified in any of them.

Regulatory and Court Actions

In 2026 the Paris Criminal Court convicted Worldpay in connection with a forex/investment-fraud scheme (operating 2011–2014 via a client identified as “Seroph”/Dutch-registered), finding Worldpay had failed to conduct adequate client due diligence and imposing a €200,000 fine; Worldpay’s payment infrastructure was used to process funds connected to the fraudulent network.19 This is an anti-money-laundering/due-diligence enforcement matter with no Israel nexus identified.

NGO / Campaign Scrutiny on Israel Nexus

No public evidence identified of a named NGO, BDS, or civil-society campaign specifically targeting Worldpay or Global Payments over provision of surveillance or digital technology to Israel.

End Notes

Footnotes

  1. Global Payments Inc., Form 8-K and press release, “Global Payments Completes Transformative Worldpay Acquisition and Divestiture” (January 2026). https://www.sec.gov/Archives/edgar/data/0001123360/000110465926002705/tm262856d1_8k.htm 2 3

  2. GTCR, “GTCR Completes Sale of Worldpay to Global Payments,” PR Newswire. https://www.prnewswire.com/news-releases/gtcr-completes-sale-of-worldpay-to-global-payments-302658108.html 2

  3. Sysdig, “Worldpay Gains Competitive Edge With Faster Delivery of Innovative PCI-Compliant Payment Solutions” (customer case study). https://www.sysdig.com/customers/worldpay-by-fis 2 3

  4. Google Cloud, “How Global Payments built a resilient architecture for scale with Cloud SQL.” https://cloud.google.com/blog/topics/financial-services/how-global-payments-built-a-resilient-architecture-for-scale-with-cloud-sql 2 3

  5. Global Payments Inc., “Global Payments Joins Forces with AWS to Deliver the Future of Payments.” https://investors.globalpayments.com/news-events/press-releases/detail/49/global-payments-joins-forces-with-aws-to-deliver-the-future 2

  6. Worldpay, “Worldpay Data Processing Addendum” (June 2025). https://platforms.worldpay.com/en/wp-content/uploads/sites/2/2025/06/Worldpay-Data-Processing-Addendum.pdf

  7. NFCW, “Worldpay employees trial finger vein biometrics for payments in stores” and PYMNTS, “Worldpay Looks Into Facial Recognition Transaction Tech.” https://www.pymnts.com/news/2015/worldpay-looks-into-facial-recognition-transaction-tech/

  8. NFCW, “Worldpay employees trial finger vein biometrics for payments in stores.” https://www.nfcw.com/2015/11/11/339441/worldpay-employees-trial-finger-vein-biometrics-for-payments-in-stores/

  9. Worldpay Developer Hub, “Israel” payout/domestic-payment coverage. https://docs.worldpay.com/access/products/access/marketplaces/coverage/bank/apac/israel

  10. PR Newswire, “NICE Actimize Expands Enterprise Financial Crime Management Partnership with FIS to Include Employee Fraud Detection” (2010). https://www.prnewswire.com/news-releases/nice-actimize-expands-enterprise-financial-crime-management-partnership-with-fis-to-include-employee-fraud-detection-104932909.html

  11. Worldpay, “FraudSight: payment fraud prevention.” https://www.worldpay.com/en/fraudsight

  12. Featurespace, “Worldpay” client page. https://www.featurespace.com/clients/worldpay

  13. Visa, “Visa Completes Acquisition of Featurespace” / Cambridge Independent, “Visa completes acquisition of Cambridge cybersecurity company Featurespace.” https://www.cambridgeindependent.co.uk/business/visa-completes-acquisition-of-featurespace-9397798/ 2

  14. Global Payments Careers, “Senior Data & BI Engineer, Rehovot, Israel.” https://jobs.globalpayments.com/en/jobs/r0057003/senior-data-bi-engineer/ 2

  15. Global Payments Careers, “Cloud Engineer, Rehovot, Israel.” https://jobs.globalpayments.com/en/jobs/r0066379/cloud-engineer/ 2

  16. SC Media, “Worldpay merchant portal allowed merchants to view customer card data,” and Randy Westergren, “Compliance Strikes Again: Multiple Vulnerabilities in Worldpay’s Merchant Portal.” https://randywestergren.com/compliance-strikes-multiple-vulnerabilities-worldpays-merchant-portal/

  17. Privacy Rights Clearinghouse, “RBS WorldPay” data-breach record. https://privacyrights.org/data-breaches/rbs-worldpay

  18. Wikipedia, “Global Payments” (2012 data breach summary). https://en.wikipedia.org/wiki/Global_Payments

  19. The420.in, “Global Payments Giant Worldpay Penalised in Forex Scam Case” (Paris Criminal Court, 2026). https://the420.in/worldpay-forex-scam-french-court-fine-347-crore/