Princeton, NJ — May 19, 2010 Heartland Payment Systems^® (NYSE: HPY), the nation’s fifth largest payments processor, has entered into a settlement agreement with MasterCard Worldwide to resolve claims from MasterCard and its issuers related to the 2008 criminal intrusion into Heartland’s payment system environment. Under the agreement, alternative recovery offers totaling $41.4 million will be made to eligible MasterCard issuers with respect to losses alleged to have been incurred by them as a result of the criminal intrusion, and MasterCard will recommend that eligible MasterCard issuers accept such offers.

Bob Carr, Heartland’s chairman and chief executive officer, stated, “We are pleased to have reached an equitable settlement agreement that helps issuers of MasterCard-branded cards obtain a recovery with respect to losses they may have incurred from the intrusion. We look forward to working with MasterCard to encourage these issuers to participate in the settlement program for a speedy resolution.”

The settlement is contingent upon financial institutions representing 80 percent of the claimed-on MasterCard accounts accepting their alternative recovery offers by June 25, 2010. The settlement also includes mutual releases between Heartland and its sponsoring bank acquirers on the one hand and MasterCard and the accepting issuers on the other. Issuers that accept their alternative recovery offers must waive rights to any other recovery of alleged intrusion-related losses from Heartland and its sponsoring bank acquirers through litigation or other remedies and release MasterCard, Heartland and its sponsoring bank acquirers from all legal and financial responsibility related to the intrusion.

All eligible issuers will soon receive notification from MasterCard with full details of the settlement agreement and how to accept their alternative recovery offers before the offers expire.

Heartland Payment Systems has been removed from Visa’s list of PCI DSS compliant service providers. This is not in response to anything new, but rather in response to a review of what is arguably one of the largest data breaches ever, the Heartland Data Breach. Heartland is actively working on revalidation of PCI DSS compliance using a Qualified Security Assessor. Visa will consider relisting following the submission of their PCI DSS report on compliance.

Heartland Payment Systems is currently on probation which means they must meet more stringent security requirements than usual.

Interestingly, Robert Carr reports on the official company data breach site that as part of their undergoing their current audit, “Many of the firm’s recommended enhancements to our security have already been implemented, and others will be as part of the current audit.” Of course, I’d be surprised if any company wouldn’t get suggestions for improvement. But they’ve had months to identify and fix problems and you have to wonder why if they were fully compliant before, they would still be identifying problems at this stage.

Feb 24 (Reuters) – Heartland Payment Systems Inc (HPY.N) posted a lower-than-expected quarterly profit, cut its quarterly dividend by 72 percent and said it might incur losses from the recent security breach of its system, sending its shares to a lifetime low.

The company, which provides payment services to banks, said at this point of time it cannot estimate the amount of losses that might be incurred in connection with any claims made against the security breach.

It also forecast 2009 earnings below market expectations and slashed its quarterly dividend to 2.5 cents a share to preserve cash.

Shares of the company fell about 28 percent to touch a low of $5.51. They were down $1.88 at $5.77 in afternoon trade on the New York Stock Exchange.

Net income for the fourth quarter was $8 million, or 21 cents a share, compared with $6.8 million, or 17 cents a share, a year ago. Its quarterly profit, however, fell short of the average analyst’s estimate of 26 cents a share.

Total revenue rose 13 percent to $385.9 million, but was below the market expectation of $397.3 million.

For the full year, the credit-card processing company expects to earn $1.15 to $1.22 a share, which was below analysts’ expectations of $1.23 a share. It sees net revenue of between $430 million and $445 million for 2009.

“Clearly our biggest challenge in 2009 will arise from the system breach we suffered,” said Chief Executive Robert Carr, adding that the company will defend any claims that arise against the breach.

Last month, Heartland reported a system breach and stealing of credit card information by cyber thieves in 2008, and said cardholders would not be held responsible for unauthorized, fraudulent charges made by third parties.

There are increasing reports of ecommerce businesses reporting small transactions online- usually for a couple of dollars. Consumers have reported similar transactions on their statements, for purchases not made by them. In both cases, they are tied to stolen credit card data.

Some credit card issuers have taken a very aggressive stance in identifying these types of transactions, including developing special algorithms, and are calling consumers to tell them about suspected fraud. Their cards are being replaced at no cost to consumers. Reports of these transaction types have been increasing since late December.

Are they related to the Heartland Payment Systems data breach? Some banks are automatically replacing all cards issued if they have a Heartland relationship. Specific tie-ins to the $1 and $2 transactions have not been made public yet, but the timing seems to match up.

RECOMMENDATIONS

Three men in Florida were arrested earlier this week on multiple charges of credit card fraud, and some of the card numbers they allegedly used are tied to the Heartland hack.

The Leon County, FL. Sheriff’s office arrested area residents Tony Acreus, Jeremy Frazier and Timothy Johns, who had allegedly used stolen credit card numbers since November, according to Sgt. Tony Drzewiecki,
spokesman for the sheriff’s office.

According to the Tallahassee, FL. Democrat, the suspects were running “a very sophisticated and complex criminal enterprise.” Law enforcement is investigating how the three men were able to obtain credit card numbers
from the Heartland breach, which was first announced on January 20.

NOTE: The above article and similar ones are being posted around the internet. Is it true? I have found no evidence yet that it is. Here is the official press release regarding the arrest- no connection to the Heartland Data Breach is mentioned.

Leon County Sheriff’s Office, Tallahassee Police Department and United States Secret Service Shut Down Stolen Credit Card Ring

Cardholders File Class Action Against Heartland Payment Systems, Inc. For Loss of Credit and Debit Card Data; Filed By Berger & Montague, P.C.

PHILADELPHIA, Jan. 30 /PRNewswire-USNewswire/ — On January 29, 2009, the law firm of Berger & Montague, P.C. (www.bergermontague.com) filed a class action suit in the U.S. District Court for the District of New Jersey on behalf of all cardholders in the U.S. whose credit or debit card data was stolen from Heartland Payment System, Inc.’s payment processing network. Heartland processes credit and debit card transactions for more than 150,000 merchants nationwide.

The lawsuit seeks to redress Heartland’s failure to safeguard cardholder data, which was accessed and stolen by a computer hacker. Compromised information included credit and debit card numbers and card expiration dates. According to several media reports, 100 million card numbers may have been affected. Fraudulent activity has occurred on some of those cards.

Data thieves reportedly installed malicious software on Heartland’s payment processing network as early as May 2008. In late fall 2008, Visa and MasterCard alerted Heartland to suspicious activity on cards that Heartland previously processed. Heartland later announced that in mid-January 2009 it located and contained malicious software on its network. The lengthy delay between when the intrusion began and when it was contained reflects the inadequacy of Heartland’s security measures and intrusion detection systems.

Because of Heartland’s inadequate data security, cardholders have had their card information compromised, have been exposed to the risk of fraud, have spent and will spend time to monitor their accounts and dispute fraudulent charges, and have suffered other economic damages.

ABOUT OUR FIRM: Berger & Montague consists of over 60 attorneys who primarily represent plaintiffs in class action litigation. The firm has extensive experience in data breach, consumer fraud, securities fraud, and antitrust litigation. We have played lead roles in major cases over the past 30 years, resulting in recoveries of several billion dollars for class members. We were Co-Lead Counsel in a data breach class action against TJX Companies, Inc, owner of TJ Maxx, Marshalls, A.J. Wright, and HomeGoods, stemming from the then-largest theft of credit card information in history. That case settled in 2008 for benefits valued at over $200 million.

If you received notice from your card-issuing bank or credit union that your card data was compromised from the Heartland breach, and you would like to discuss your legal rights, please contact:

Sherrie R. Savett, Esq.

Michael T. Fantini, Esq.

Jon Lambiras, Esq.

Diane Werwinski, Paralegal

Berger & Montague, P.C.

1622 Locust Street

Philadelphia, PA 19103

Phone: 888-891-2289 or 215-875-3000

Fax: 215-875-4604

Email: dwerwinski@bm.net

Web: www.bergermontague.com

SOURCE Berger & Montague, P.C.

Heartland Payment Systems may be publicly touting that they continue to acquire new customers, but those in payment processing are getting a noticeable increase in calls from merchants wanting to out of Heartland now.

Restaurants and T&E are big industries for Heartland Payment Systems. Most of these also have a POS system. In order to change processors, the new processor typically completes a standard form and gives this to the POS company for the change. The form essentially changes where the transaction will occur. This is a very simple step. However, as the rush to exit Heartland grows, the processing of these changes will put a burden on third party POS providers to get them done.

Some merchants may have concerns about the ‘difficulty’ of changing. As stated above, it’s normally just a couple line items that change the processor. The rest of the programming set up is done at the processor. If an adjustment needs to be made after the initial set up, the processor does not need to get back in line with the POS company.

Most 3rd parthy POS providers charge a fee for the change. To ensure a quick and smooth transition, find a contact with your POS company. They will need you to sign off on the change. Our company will prepare the paperwork to change processors, the POS company will verify with you (faxed document) it’s OK to make the change, and then you get put in their queue for the change over. It’s instant once the POS company makes the software update.

If you’re considering leaving Heartland Payment Systems because of the 2008 data breach fall out, make your decision now rather than later and you’ll have a short wait with your POS provider. Three class action lawsuits have been filed and it could get ugly to get out later.

I’ll match any pricing you have, provided it is reasonable and we can make a profit.

Company Release – 01/20/2009 09:00

No merchant information or cardholder Social Security numbers compromised.

PRINCETON, N.J., Jan. 20 /PRNewswire-FirstCall/ — Payments processor Heartland Payment Systems has learned it was the victim of a security breach within its processing system in 2008. Heartland believes the intrusion is contained.

“We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands,” said Robert H.B. Baldwin, Jr., Heartland’s president and chief financial officer. “We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice.”

No merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach. Nor were any of Heartland’s check management systems; Canadian, payroll, campus solutions or micropayments operations; Give Something Back Network; or the recently acquired Network Services and Chockstone processing platforms.

After being alerted by Visa(R) and MasterCard(R) of suspicious activity surrounding processed card transactions, Heartland enlisted the help of several forensic auditors to conduct a thorough investigation into the matter. Last week, the investigation uncovered malicious software that compromised data that crossed Heartland’s network.

Heartland immediately took a number of steps to further secure its systems. In addition, Heartland will implement a next-generation program designed to flag network anomalies in real-time and enable law enforcement to expeditiously apprehend cyber criminals.

Heartland has created a website – www.2008breach.com – to provide information about this incident and advises cardholders to examine their monthly statements closely and report any suspicious activity to their card issuers. Cardholders are not responsible for unauthorized fraudulent charges made by third parties.

“Heartland apologizes for any inconvenience this situation has caused,” continued Baldwin. “Heartland is deeply committed to maintaining the security of cardholder data, and we will continue doing everything reasonably possible to achieve this objective.”

About Heartland Payment Systems

Heartland Payment Systems, Inc., a NYSE company trading under the symbol HPY, delivers credit/debit/prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide.

Heartland is the founding supporter of The Merchant Bill of Rights, a public advocacy initiative that educates merchants about fair credit and debit card processing practices. For more information, please visit www.heartlandpaymentsystems.com and www.MerchantBillOfRights.com.

Forward Looking Statements

This press release may contain statements of a forward-looking nature which represent our management’s beliefs and assumptions concerning future events. Forward-looking statements involve risks, uncertainties and assumptions and are based on information currently available to us. Actual results may differ materially from those expressed in the forward-looking statements due to many factors. Information concerning these factors is contained in the Company’s Securities and Exchange Commission filings, including but not limited to, the Company’s annual report on Form 10- K, or Form 10-Q as applicable. We undertake no obligation to update any forward-looking statements to reflect events or circumstances that may arise after the date of this release.

For More Information:
Nancy Gross
Phone: 215.519.7367
Email: Nancy.Gross@e-hps.com
SOURCE Heartland Payment Systems, Inc.