Visa removes Heartland from PCI Compliant list
Heartland Payment Systems has been removed from Visa’s list of PCI DSS compliant service providers. This is not in response to anything new, but rather in response to a review of what is arguably one of the largest data breaches ever, the Heartland Data Breach. Heartland is actively working on revalidation of PCI DSS compliance using a Qualified Security Assessor. Visa will consider relisting following the submission of their PCI DSS report on compliance.
Heartland Payment Systems is currently on probation, which means they must meet more stringent security requirements than usual.
Interestingly, Robert Carr reports on the official company data breach site that, as part of the company's current audit, “Many of the firm’s recommended enhancements to our security have already been implemented, and others will be as part of the current audit.” Of course, I’d be surprised if any company wouldn’t get suggestions for improvement. But they’ve had months to identify and fix problems, and you have to wonder why, if they were fully compliant before, they would still be identifying problems at this stage.