Visa Sanctions: Heartland Issues Statement

March 13, 2009 by ADMIN

Share |

Editor’s Note: The following statements were provided via email by Heartland Payment Systems (HPY) . We appreciate Heartland’s willingness to communicate with us directly.

STATEMENT FROM HEARTLAND PAYMENT SYSTEMS
March 13, 2009

Heartland Payment Systems (NYSE: HPY) is pleased to continue our long relationship with Visa. Heartland is cooperating fully with Visa and other card brands and we are committed to having a safe and secure processing environment. Heartland was certified as PCI-DSS compliant in April 2008 and expects to continue to be assessed as PCI-DSS compliant in the future. We’re undergoing our 2009 PCI-DSS assessment now, which Heartland believes will be complete no later than May 2009 and will result in Heartland, once again, being assessed as PCI-DSS compliant.

At the same time Heartland is committed to promoting additional measures such as end-to-end encryption so that both merchants and cardholders can have the highest possible confidence in the payment card industry’s program for protecting the security of payment card data. This is what they expect and deserve and Heartland intends to be a leading voice in persuading the payment card industry to accept this challenge.

Heartland Payment Systems

Comments By Laura Wilson

The data access chain involving our sensitive systems and data is under attack - I think we’re all clear on that. Security experts from government, research, and multiple industries have recently spoken publicly about the infosec threat.

Here’s our team’s overriding concern: The compromise of this sensitive information, and of our critical infrastructure, are significant homeland security threats; it is inevitable that this compromised information will be used for terrorism.

The bad guys already know this; it’s our Information Fiduciaries that didn’t get the word.

My belief, based on experience and vetted by many of my expert colleagues, is that very few of the Information Fiduciaries, who hold these information assets in trust, have a holistic picture of the security or insecurity of this data access chain. I believe it entirely possible, even likely, that there may be more than one broken security link in the data access chain, thus several weak links or possible joint causes of a security breach.

Disclosure: I do not have investments in either of the companies mentioned in the above statement, and have zero interest in moving markets. I do not, as far as I know, have specific, non-public information about either of these companies mentioned. Obviously, my colleagues and I work on this problem, and have a professional interest in helping to solve it.

But whether organizations work with our team or not, the fact remains that the infosec gap must be fixed.

Laura is a business consultant and an advocate for information security, consumer protection, long-term shareholder value, and better management decisions. Her specialty is finding and fixing risks and threats to sensitive data. Her experience includes international banking, credit card, and mortgage companies, venture capital portfolio companies, and software and technology providers. She practiced law in Silicon Valley during the tech boom and meltdown, handling corporate governance and information protection.

Other Heartland Articles:

►Visa Puts Heartland on Probation Over Breach

► There is No Delight in Being Right

► Heartland Now Under SEC Investigation

► Another Payment Card Processor Hacked

► Heartland Update: Reps Respond to Questions

► Did Heartland CEO Make Insider Trades?

► Heartland Breach Bad As Tylenol Poisonings?

These icons link to social bookmarking sites where readers can share and discover new web pages.