Visa removes Heartland and RBS Worldpay from compliant list

[SolutionsGal]

This article talks about the recent removal of Heartland and RBS WorldPay from its compliant list. The question from us in the industry is: Will Heartland and RBS try to pass on the huge cost of this litigation onto its merchants?

http://www.bankinfosecurity.com/article … rt_id=1277

 

[Registered_Guest]

Re: Visa removes Heartland and RBS Worldpay from compliant l

The funny part of this is that both of them were certified as PCI compliant before their respective data breaches happened.

 

[SolutionsGal]

Re: Visa removes Heartland and RBS Worldpay from compliant l

Statement from Visa regarding Heartland.

"In a speech at the Global Security Summit, which Visa held in Washington last week, Ellen Richey, Visa’s chief enterprise risk officer, insisted that PCI is “an effective security tool when implemented properly.”

The breach at Heartland wouldn’t have happened, Richey said, if the payment processor had been vigilant about maintaining its PCI compliance. “No compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach,” she said. "

 

[JRFPizza]

Re: Visa removes Heartland and RBS Worldpay from compliant l

Just wondering, who do you process through? FDMS?

 

[SolutionsGal]

Re: Visa removes Heartland and RBS Worldpay from compliant l

We have chosen to stay with the leaders in the industry, First Data and Paymentech platforms. They are the 2 largest processors.

In addition, no data is stored or directed to us in any way. The transaction leaves your business and goes directly to First Data or Paymentech’s platform.

 

[SolutionsGal]

Update on Visa, Heartland and RBS

just out a few hours ago, Heartland is fighting back but new lawsuit is filed for securities violation against Heartland. At least it clears up the merchant issue about being fined.

http://www.scmagazineus.com/Heartland-V … le/129358/

 

[Registered_Guest]

Re: Visa removes Heartland and RBS Worldpay from compliant l

SolutionsGal:

Statement from Visa regarding Heartland.

"In a speech at the Global Security Summit, which Visa held in Washington last week, Ellen Richey, Visa’s chief enterprise risk officer, insisted that PCI is “an effective security tool when implemented properly.”

The breach at Heartland wouldn’t have happened, Richey said, if the payment processor had been vigilant about maintaining its PCI compliance. “No compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach,” she said. "

I guess the point of my post is this - why weren’t they removed from the PCI compliant list BEFORE the data breaches happened WHILE they were NOT PCI compliant? How many other companies on the current list are NOT actually PCI compliant?