Heartland Back on Visa's List as PCI Compliant

RBS WorldPay Still Not Recertified After Data Breach

By Linda McGlasson, May 6, 2009.
Heartland Back on Visa's List as PCI Compliant

H

See Also: Stop Mobile Payment Fraud, Not Customers

eartland Payment Systems (HPY) has made it back onto Visa's list of PCI DSS Validated Service Providers. The announcement comes almost six weeks after the credit card payment processor was taken off the list and four months since it announced its networks had been breached and credit card information stolen.

Calling the recertification its "annual PCI DSS assessment," Heartland says it was put back on the list on May 4. VeriSign was the company hired to do the recertification work, says Jason Maloni, Heartland's spokeperson. The list, www.visa.com/cisp, says Heartland was recertified on April 30, and VeriSign is listed as the Qualified Security Assessor (QSA).

Visa requires all service providers that store, process or transmit Visa account data to validate PCI DSS compliance every 12 months. Businesses that validate their PCI DSS compliance utilizing a qualified security assessor (QSA) are listed on Visa's List of Compliant Service Providers.

"Earlier this year, Heartland Payment Systems publicly disclosed unauthorized access to their systems resulting in the compromise of card account information from all major card brands. Based on compromise event findings, Visa removed Heartland from its list of PCI DSS compliant service providers," says Eduardo Perez, head of global data security at Visa

Perez says that since January 20, when Heartland first announced the data breach publicly, Heartland worked with a QSA (VeriSign) to revalidate and submit a Report on Compliance. "Visa has reviewed their report and is satisfied that previous deficiencies have been addressed," Perez states.

Perez says Visa is pleased that Heartland has been committed to working diligently to improve its systems and meet the PCI DSS requirements. "It's essential that every business that handles payment card information adhere to the highest standards to protect the security and privacy of their customers' financial information. The PCI DSS remains an effective security tool when implemented properly - and remains the best defense for businesses against the loss of sensitive data."

The other company that was removed from the list during the same time period, RBS WorldPay, has not yet received recertification and is not back on the list. RBS WorldPay announced its computer systems were hacked in November 2008 and sent out notification letters (PDF) to affected cardholders beginning on December 23, 2008.

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Fight Email Fraud: New Strategies

Email fraud has existed since the advent of email. But the schemes are evolving and impacting...

Latest Tweets and Mentions

ARTICLE Fight Email Fraud: New Strategies

Email fraud has existed since the advent of email. But the schemes are evolving and impacting...

The ISMG Network