The bumbling saga of credit-card processing company CardSystems has ended. The Arizona-based company is being purchased by Pay By Touch, a payment processor that specializes in biometric verification of purchases, such as fingerprint reading at checkout counters.

CardSystems' assets were put on the chopping block after it admitted responsibility for allowing the accounts of 40 million Visa and MasterCard holders to be exposed to a ring of hackers.

The company had been holding the users' data for "research purposes," in violation of agreements it had struck with the credit card associations and their affiliated banks.

Pay By Touch specializes in using fingerprint readouts as "data points" for verifying a customer's identity. The "data points" link the customer's fingerprint to an "e-wallet" which connects to their checking account, as well as to any available information about "loyalty card" memberships the customer may have.

Theoretically, this could lead to a reduced possibility of credit card fraud and identity theft, but it also leads to an increase of information collected by stores, which they can use for targeted marketing.

Pay By Touch already has an in-house credit card payment system, but the company wanted access to CardSystems' files on 120,000 merchants that used CardSystems to process credit card transactions.

CardSystems had originally been eyed for purchase by CyberSource, a California-based rival payment-processing company. The New York Times reported that talks between the companies broke down for undisclosed reasons. According to the Red Herring online business journal, CyberSource simply got outbid by Pay By Touch.

Pay By Touch recently secured $130 million in financing for its next round of investments in biometric identification.

Visa had agreed to extend its deadline for terminating business with CardSystems from October 2005 until January 21st, 2006, in order for CyberSource to complete its purchase. That deal will now be transferred to Pay By Touch.

The CardSystems data breach is the single largest case of its kind in history -- the culmination of a year full of data losses, misplaced tapes, database hacks, and scams. The breach has prompted state and federal officials to push for stronger laws regarding identity theft protection, disclosure of company data breaches, and consumer protection.

The breach also prompted a class action lawsuit against CardSystems, Visa, and MasterCard for failing to protect cardholders' information.

The lawsuit encountered a setback in September 2005, when a federal judge ruled that it was not the responsibility of credit card companies to notify customers of data breaches.