Heartland Data Breach: MasterCard, Visa Impose Hefty Fines

Processor says it Has Already Spent $12.5 Million in Fees, Penalties
Heartland Data Breach: MasterCard, Visa Impose Hefty Fines
The Heartland Payment Systems (HPY) data breach has already cost the card processor millions in fines from Visa and MasterCard.

This news was revealed by CEO Bob Carr in Heartland's recent earnings call, wherein Carr said the much-publicized breach has already cost the company $12.5 million.

Other than legal fees and some related charges to the breach, much of that amount went toward fines imposed by Visa and MasterCard against Heartland's acquiring banks, Carr says. Heartland Payment Systems data breach coverage

A Visa source would not confirm the amount of the fine imposed, but Carr told investors that more than 50 percent of the $12.5 million relates to a fine that MasterCard assessed against its sponsor (acquiring) banks. "Ostensibly, because of an alleged failure by Heartland to take appropriate action upon having learned that its computer system may have been breached, and upon thereafter having discovered the intrusion," Carr states.

Heartland believes that it responded appropriately to all information that it learned regarding the possibility of a system breach and that, upon discovering the intrusion, it took immediate and extraordinary action to address the intrusion, Carr adds.

Heartland therefore considers the MasterCard fine to be in direct violation of both the MasterCard rules and applicable law, and the company "intends and is prepared to vigorously contest, and it has recommended to its sponsor banks that they vigorously contest through all means available, including litigation if necessary, any liability that may be asserted or imposed upon Heartland or its sponsor banks by reason of this fine," Carr says.

MasterCard's spokesman Chris Montiero defended the fine levied against Heartland, saying, "MasterCard believes the fines it imposed were warranted and consistent with its Rules."

The $12.5 million Heartland has spent so far as a result of the network breach may be the beginning of costs incurred by the Princeton, NJ-based payments processor. A number of class actions suits by consumers and financial institutions impacted by the breach have yet to be heard in the courts.

The fines imposed by the credit card companies comes at the same time that Heartland has announced plans to offer its merchants end-to-end encryption capabilities. The plans that Heartland announced will protect the company's processing network with an end-to-end encryption system. Company officials say plans are to begin rolling out the solution to its merchants in the third quarter of this year. The merchants would pay for the installation of the equipment, but Heartland is already spending "millions" on developing the technology solution with Voltage Security, an encryption vendor.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network