Heartland Payment Systems (HPY) has made it back onto Visa's list of PCI DSS Validated Service Providers. The announcement comes almost six weeks after the credit card payment processor was taken off the list and four months since it announced its networks had been breached and credit card information stolen.

Calling the recertification its "annual PCI DSS assessment," Heartland says it was put back on the list on May 4. VeriSign was the company hired to do the recertification work, says Jason Maloni, Heartland's spokeperson. The list, www.visa.com/cisp, says Heartland was recertified on April 30, and VeriSign is listed as the Qualified Security Assessor (QSA).

Visa requires all service providers that store, process or transmit Visa account data to validate PCI DSS compliance every 12 months. Businesses that validate their PCI DSS compliance utilizing a qualified security assessor (QSA) are listed on Visa's List of Compliant Service Providers.

"Earlier this year, Heartland Payment Systems publicly disclosed unauthorized access to their systems resulting in the compromise of card account information from all major card brands. Based on compromise event findings, Visa removed Heartland from its list of PCI DSS compliant service providers," says Eduardo Perez, head of global data security at Visa

Perez says that since January 20, when Heartland first announced the data breach publicly, Heartland worked with a QSA (VeriSign) to revalidate and submit a Report on Compliance. "Visa has reviewed their report and is satisfied that previous deficiencies have been addressed," Perez states.

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

Perez says Visa is pleased that Heartland has been committed to working diligently to improve its systems and meet the PCI DSS requirements. "It's essential that every business that handles payment card information adhere to the highest standards to protect the security and privacy of their customers' financial information. The PCI DSS remains an effective security tool when implemented properly - and remains the best defense for businesses against the loss of sensitive data."

The other company that was removed from the list during the same time period, RBS WorldPay, has not yet received recertification and is not back on the list. RBS WorldPay announced its computer systems were hacked in November 2008 and sent out notification letters (PDF) to affected cardholders beginning on December 23, 2008.