Ending three months in the wilderness, Heartland Payment
Systems has returned to MasterCard’s and Visa’s validated service
provider lists following successful completion of its annual
Payment Card Industry Data Security Standard (PCI DSS) assessment
on 30 April.
Reinstatement ended a period during which the sixth-largest
payments processor in the US had been operating in a probationary
status following its announcement on 20 January that it had fallen
victim to a potentially massive data breach.
Perhaps surprisingly, Heartland came through its ordeal with less
damage than might have been expected.
In the first quarter of 2009, Heartland, which provides processing
services to some 250,000 merchants country-wide, reported a
transaction volume of $15.5 billion, up 17.4 percent compared with
the first quarter of 2008.
Growth was achieved despite attempts by certain unnamed rival
processors to gain advantage from the situation.
Heartland CEO Robert Carr told delegates to an investors’
conference earlier this month: “We have had some competitors
telling merchants they will be fined $10,000 a day if they stayed
However, Heartland did not escape unscathed financially in the
first quarter, reporting a net loss of $2.7 million compared with
an $8.7 million profit in the first quarter of 2008. Had it not
been for expenses directly attributable to the processing system
intrusion, net income would have been $5.4 million.
Despite its validation as being PCI DSS compliant, Heartland is
pressing on with its strategy of taking security beyond the laid
“While they continue to support the PCI standard as necessary
improvements in the security of cardholder data, Heartland is
committed to going beyond this standard in order that both
merchants and cardholders can have the highest possible confidence
in the security of their payment card data,” Carr stressed at the
He added that Heartland will introduce its fully encrypted
end-to-end terminal solution in the third quarter of 2009.
“We believe [this] will offer merchants the highest level of data
security in the marketplace,” said Carr.
Heartland is also at the forefront of a drive to develop a new
standard to protect cardholder data in the electronic payments
industry, an effort spearheaded by the Accredited Standards Committee X9
(ASC X9), of which it is a member.
Accredited by the American National Standards Institute, the ASC X9
develops, maintains and promotes standards for all financial
services in the US and has pioneered standards for items including
the credit card magnetic stripe and ATM systems.
Though the ASC X9’s ‘Sensitive Card Data Protection Between Device
and Acquiring System’ initiative has yet to be formally launched,
the first preliminary planning meeting to discuss technical
approaches to improving data protection was hosted by Heartland on