May 14, 2009 - Linda McGlasson, Managing Editor, Bank Info Security
The Heartland Payment Systems (HPY) data breach has already cost the card processor millions in fines from Visa and MasterCard.
This news was revealed by CEO Bob Carr in Heartland's recent earnings call, wherein Carr said the much-publicized breach has already cost the company $12.5 million.
Other than legal fees and some related charges to the breach, much of that amount went toward fines imposed by Visa and MasterCard against Heartland's acquiring banks, Carr says. Heartland Payment Systems data breach coverage
A Visa source would not confirm the amount of the fine imposed, but Carr told investors that more than 50 percent of the $12.5 million relates to a fine that MasterCard assessed against its sponsor (acquiring) banks. "Ostensibly, because of an alleged failure by Heartland to take appropriate action upon having learned that its computer system may have been breached, and upon thereafter having discovered the intrusion," Carr states.
Heartland believes that it responded appropriately to all information that it learned regarding the possibility of a system breach and that, upon discovering the intrusion, it took immediate and extraordinary action to address the intrusion, Carr adds.
Heartland therefore considers the MasterCard fine to be in direct violation of both the MasterCard rules and applicable law, and the company "intends and is prepared to vigorously contest, and it has recommended to its sponsor banks that they vigorously contest through all means available, including litigation if necessary, any liability that may be asserted or imposed upon Heartland or its sponsor banks by reason of this fine," Carr says.
Click to Get Updates on the Latest Information Security News
Company*
MasterCard's spokesman Chris Montiero defended the fine levied against Heartland, saying, "MasterCard believes the fines it imposed were warranted and consistent with its Rules."
The $12.5 million Heartland has spent so far as a result of the network breach may be the beginning of costs incurred by the Princeton, NJ-based payments processor. A number of class actions suits by consumers and financial institutions impacted by the breach have yet to be heard in the courts.
The fines imposed by the credit card companies comes at the same time that Heartland has announced plans to offer its merchants end-to-end encryption capabilities. The plans that Heartland announced will protect the company's processing network with an end-to-end encryption system. Company officials say plans are to begin rolling out the solution to its merchants in the third quarter of this year. The merchants would pay for the installation of the equipment, but Heartland is already spending "millions" on developing the technology solution with Voltage Security, an encryption vendor.
No comments:
Post a Comment