More than two months after the first announcement of the Heartland Payment Systems security breach, the processor has continued to draw fire from merchants and issuers. Damages from what may be the largest PCI data breach in history continue to snowball into public relations disputes, lawsuits and government probes aimed at the company.
Card processing giant Visa on March 23 delivered a public slap to Heartland, a leading processor of credit and debit payments, by temporarily removing it from Visa's list of service providers that comply with Payment Card Industry Data Security Standards (PCI DSS). PCI compliant service providers adhere to a strict set of data security standards to protect consumers' card information and fight identity theft and fraud.
Visa has questioned Heartland's security compliance, especially at the time the processor was breached in 2008, saying no merchant that has been PCI compliant has been compromised. Heartland has countered that it was validated for PCI a month before the breach is thought to have begun, and critics have said Visa may be simply trying to dodge questioning of itself and its favored security standard. Visa indicated that it would re-place Heartland on its list of PCI compliant processors as soon as the company meets the standards, which Heartland CEO Robert O. Carr said his company could achieve in weeks.
The breach
Visa's move is one in a long string of events since Jan. 20, 2009, when, after being alerted by Visa and MasterCard of suspicious activity surrounding processed card transactions, Heartland announced that malicious software had compromised its data in 2008. The data potentially exposed through this breach includes card numbers, expiration dates and other data from the card's magnetic stripe, and in some cases, the names of customers who used debit or credit cards at Heartland's network of 250,000 businesses.
Heartland has not disclosed the extent of the breach, but industry officials have described it as one of the largest in history. Banks across the country moved quickly and began sending out replacement cards, and advised consumers to watch their account statements more closely than ever.
Source