The company's description of the breach leaves some questions unanswered, said Avivah Litan, an analyst with Gartner Inc. "It seems obvious that they were breached ... but they didn't come out and say it straight," Litan said. "All they said is what was not involved. That's the mystery here."

There also appears to be a discrepancy between Global Payments' description of the data that was compromised and the description by MasterCard and Visa. According to the alert sent out by the credit card companies to card-issuers, the compromised data included both Track 1 data, which includes personally identifiable information such as the cardholder's name and account number, and Track 2 data, which involves information such as the card's expiration date and the account number. However, Global Payments has insisted that only Track 2 data was compromised in the breach.

"This discrepancy just raises more questions. We still don't have all the information here," Litan said.

A Visa spokesman said the company does not comment on private internal communications regarding an ongoing investigation.

Meanwhile, in a Monday, Krebs added that he has information suggesting that Global Payments may have been breached for much longer than the company has let on. According to Krebs, documents obtained from a hacker suggest that criminals may have had control of the company's network for the past 13 months before they were discovered earlier this year. Krebs claimed that document, which he is attempting to authenticate with Global Payments, appears to contain sensitive information about the payment processor's internal databases.