Visa Inc. has pulled Heartland Payment Systems Inc. and Royal Bank of Scotland Group PLC's RBS WorldPay from its list of companies that comply with the Payment Card Industry data security standards.
Heartland and RBS WorldPay will stay off the list until the two processors close the holes that led to the massive data breaches reported in January and December, Visa said Friday in an e-mail.
"Visa will consider relisting both organizations following their submissions of their PCI DSS reports on compliance," the San Francisco company said.
Both continue to handle Visa transactions.
Heartland has said it met the standards when its systems were last assessed in April. On Friday it said it is undergoing a PCI assessment, which it expects to complete by May "and will result in Heartland, once again, being assessed as PCI-DSS compliant."
WorldPay said in an e-mail statement Friday it expects its assessment to be complete by the end of April. "Because of the criminal intrusion, we need to be recertified earlier than the normal schedule."
Visa has voiced support for the PCI standards, saying they remain "an effective security tool when implemented properly" and "the best defense for businesses against the loss of sensitive data."
After Heartland disclosed its breach, Robert Carr, its chief executive, called for the industry to move to end-to-end encryption and for companies to share information about specific incidents.
The American Bankers Association has advocated that other payment companies be subject to the Gramm-Leach-Bliley Act risk-based standards that banks must follow.