Visa Suspends Heartland: A Little Revisionist History?
Evan Schuman writes on StorefrontBacktalk:
Visa struck back at both Heartland on Thursday (March 12), suspending the data breach victim and removing it from Visa’s online list of PCI DSS compliant providers. Visa’s chief enterprise risk officer, Ellen Richey, told banks the news in an E-mail Thursday. More here.
Richey described Heartland’s status as being “in a probationary period,” during which it can still accept payments, assuming it meets various new requirements. Heartland “is now in a probationary period, during which it is subject to a number of risk conditions including more stringent security assessments, monitoring and reporting. Subject to these conditions, Heartland will continue to serve as a processor in the Visa system.”
Heartland issued a statement Friday (March 13) that didn’t address Visa’s suspension, but was clearly prompted by it. “Heartland Payment Systems is pleased to continue our long relationship with Visa. Heartland is cooperating fully with Visa and other card brands and we are committed to having a safe and secure processing environment,” the statement said, which added that Heartland was certified as PCI-DSS compliant in April 2008 and “expects to continue to be assessed as PCI-DSS compliant in the future. We’re undergoing our 2009 PCI-DSS assessment now, which Heartland believes will be complete no later than May 2009 and will result in Heartland, once again, being assessed as PCI-DSS compliant.”
In Richey’s E-mail, she also referenced Heartland’s comments to Visa that it hopes to be assessed PCI compliant soon. Heartland “will be relisted once it revalidates its PCI DSS compliance using a Qualified Security Assessor and meets other related compliance conditions.”