Heartland Payment Systems said it discovered the security breach last year when malicious code was detected in software that handles transactions for around 175,000 of the 250,000 retailers and merchants it works with, the Associated Press reports.
The company added that it is impossible to say how many cards were affected by the breach because the spyware captured data as it was transferred, unencrypted, across its network.
In a statement, Heartland confirmed the security loophole has been closed, but the Associated Press said it already faces the likelihood of "big penalties" from reimbursing banks for the cost of replacing compromised cards.
Some analysts told the news service that the reputational damage caused by such a potentially large breach could even threaten the future of the company.
In 2005, another payments processor - CardSystems Solutions - collapsed after data on 40 million credit card accounts was compromised and many of the big card brands stopped doing business with the firm.