Heartland Is Once Again PCI-Approved. Will It Last?

Last Friday, ComputerWorld reported:

"The processing firm Heartland Payment Systems has been reinstated to Visa Inc.'s list of service providers deemed compliant with the Payment Card Industry Data Security Standard (PCI DSS). The move follows Heartland's successful completion of an annual assessment for compliance with the PCI standard, the company said in a brief statement released on Friday. Heartland had been dropped from the list of compliant vendors by Visa in mid-March following an investigation into the massive data security breach announced by Heartland in January."

Interested readers can download Visa's list of PCI-approved vendors (PDF format, 274 KB).

I don't feel warm and fuzzy about this move. First, there are the outstanding class-action lawsuits against Heartland. Second, there is the lack of details surrounding Heartland's breach, especially when Heartland was deemed PCI-approved last time while hackers were simultaneously stealing thousands of consumers' sensitive card data.

The whole PCI-compliance decision was wrapped up way too quickly and neatly for my tastes. It just doesn't smell right.

The bottom line: consumers' trust has been broken by Heartland's breach. It'll take more than one press release to regain that trust.



Rafal Los

I think the more important question is - "Does it matter?"
