After suffering massive data breaches in late 2008, card payment
processors RBS WorldPay and Heartland Payment Systems have been put
back onto Visa’s PCI DSS Validated Service Providers list.
RBS WorldPay, taken off the list after data for up to 1.5 million
cardholders was exposed in November 2008, has been reinstated after
passing its annual PCI DSS assessment in early May. Heartland
Payment Systems, victim of a much larger breach, with potentially
over 100 million cards being compromised, has also been reinstated,
but has declared the fee imposed on it by MasterCard in relation to
the incident “illegal”.
The fine for Heartland was imposed by MasterCard because of an
alleged failure on the processor’s part to take correct action
initially once the breach was discovered. In its recent first
quarter conference call, Heartland CEO Robert Carr stated he
believes the charges are without merit.
“We intend to vigorously defend any claims asserted against us and
we believe we have meritorious defences,” Carr said. “Heartland
believes it responded appropriately to all information regarding
the possibility of the system breach and upon discovering the
intrusion it took immediate and extraordinary action.”
Carr went on to explain how much the breach cost the
“This quarter we have taken a $12.6 million charge in expenses and
accruals attributable to the processing system intrusion announced
in the first quarter,” he added.
“More than 50 percent of this expense, however, relates to a fine
MasterCard assessed against our sponsor banks ostensibly because of
an alleged failure by Heartland to take appropriate action upon
having learned its computer system may have been breached.”
The statement came shortly after Heartland threatened competitors
with legal action in March when it alleged they were misleading
merchant customers, claiming they would be punished for doing
business with the processor after it was removed from the list.
Conversely, RBS WorldPay, despite being off the list at the time,
managed to secure a contract to process tax returns for the US
Internal Revenue Service in late April.