Visa drops processors from compliance list after breaches
Visa Inc. last week removed breached payment processors Heartland Payment Systems Inc. and RBS WorldPay Inc. from its list of companies that are compliant with the PCI data security rules. But analysts said the move may be more about protecting Visa itself than about safeguarding payment card data.
In a terse statement issued last Friday, Visa said it was removing Heartland and RBS WorldPay from its list of PCI-compliant service providers (download PDF) in response to the recent data breaches disclosed by each company. The decision to delist the two payment processors was based on "compromise event findings," Visa said without elaborating. The company added that it would "consider" Heartland and RBS WorldPay back on the compliant list, but only after they are recertified by a third-party assessor.
Meanwhile, reports posted by online news site BankInfoSecurity.com and several blogs that follow the payment card industry blogs also cited a March 12 letter from a Visa executive to banks notifying them that Heartland was now "in a probationary period" during which it would have to meet more stringent security requirements than usual.
Strictly speaking, said Gartner Inc. analyst Avivah Litan, Visa's actions mean that merchants can't use either Heartland or RBS WorldPay to process payments if they themselves want to remain compliant with the PCI rules, which are formally known as the Payment Card Industry Data Security Standard (PCI DSS).
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
visa
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
