Heartland Starts its Slow Climb off the Canvas

Heartland Payment Systems is still taking its standing eight count after one of the worst data breaches in history, but with its Visa PCI DSS validation restored, the firm hopes to emerge with a sober lesson it can share with other firms to prevent future breaches.

“We now have a greater appreciation for how brazen some of these organized cybercriminals are,” says Jason Maloni, a spokesman for Heartland in Princeton, NJ.

Count that as at least $12.5 million in appreciation—the amount the breach has cost the company thus far, including legal costs and fines from MasterCard and Visa. Heartland successfully completed its annual Payment Card Industry Data Security Standard (PCI DSS) assessment and has returned to Visa’s list of validated service providers. Visa had suspended Heartland, placing it on probation, though the firm was still allowed to process credit card transactions. Heartland, which reported a $2.5 million first quarter loss last week compared to net income of nearly $9 million in 2008, also faces a handful of class action suits connected to the breach.

Heartland says it's working on a number of new security measures to prevent further breaches, such as end-to-end encryption, and is playing an active role in encouraging information sharing efforts among payments processing firms. The payments processing firm believes its Visa reinstatement is a major step on the road to recovery. “This should clear up any controversy that anyone has when dealing with Heartland,” Maloni says.

Maloni adds that Heartland recently attended the first meeting of the Payments Processing Information Sharing Council, an industry group formed in part by the efforts of Heartland CEO Robert Carr. Carr has been an outspoken advocate of cross-industry preventative measures and cooperation to mitigate data breaches, though the level of buy-in among other major payments firms has been uncertain. The group of 15 to 20 processors—Maloni wouldn’t disclose who did and didn’t participate—met to discuss data security breaches and preventative measures. “It was a robust discussion, and one that was long overdue.”
