Posted on May 11th, 2009
Heartland Payment Systems has apparently decided that being a data breach victim doesn’t mean that it has to be victimized by the card brands. At least that’s the impression from how Heartland CEO Robert Carr is reacting to more than $6 million in fines imposed on it by MasterCard, fines that he said were illegal and that he plans to “vigorously contest.”

Data breach victims pushing back against fines is nothing new, but a processor calling out one of the two largest card brands, and doing it during a very public investor conference call, well, that’s a bit different.
Posted on May 4th, 2009
The back-and-forth compliance dance that is being forced upon Heartland Payment Systems took its latest journey through the PCI Looking Glass Friday (May 1), with Heartland declaring that it has now returned to Visa’s list of PCI DSS validated service providers (aka the list of providers that Visa heartily recommends today but will deny ever having heard of if they’re breached tomorrow).

The journey began when Heartland was certified PCI compliant in April 2008. A few months later, Heartland was severely breached and Visa began its revisionist history dance. Given a public stance that no PCI-compliant merchant or processor had ever been breached, Visa determined that Heartland therefore could not have been truly compliant in April 2008