The Tech Herald

Visa will NOT fine you for using Heartland or RBS

by Steve Ragan - Mar 25 2009, 16:30

Competitors cash in on recent data breach to spread fear. (IMG:J.Anderson)

Robert O. Carr, CEO of Heartland Payment Systems, has this week issued a statement reminding prospective and existing customers that they face no fines from Visa for using the company to process credit and debit payments. According to Carr, competitors are cashing in on Heartland’s data breach, using fear to get customers to switch.

Using fear to sell security, even compliance security, is nothing new to the world of commissioned sales. Salespeople live off their clients, and the more they sell, the more they make. It should come as no surprise that competitors are using whatever tricks they can to lure Heartland's clients away. However, even Visa has advised existing Heartland and RBS clients that they need not worry about fines.

“In its new statement, Visa said that card acceptors will not be subject to noncompliance fine assessments if all other standing PCI Data Security Standard (DSS) validation requirements have been satisfied,” Gartner vice president Avivah Litan said in a recent research note.

“These terms will remain valid as long as the two payment processors continue to work on revalidating their own PCI compliance status, which they expect to complete within weeks. Visa has not publicly stated what specific system-related activities drove the processors out of compliance after their original certification.”

Carr said in his letter to customers that if they have been approached with warnings that they are no longer PCI compliant because of using Heartland, or that they face the risk of fines, this is simply not the case. Moreover, Heartland is taking the competition to task for their claims.

“Through a series of cease and desist letters, Heartland has informed competitors that their untrue and misleading claims are baseless and unlawful. Heartland intends to initiate legal action against them if they do not immediately stop making these claims,” the letter says.

So, as a business, should you be using Heartland or RBS? They were both found to be noncompliant by Visa, and subsequently removed from its list of certified processors. They both suffered breaches that exposed sensitive account data. Yet, do those things mean that, as a business, you should stop using them if they are your processor?

The answer would come from the overall business model. It isn’t like either processor will fail to become PCI compliant before the end of summer -- if not sooner. Both have said they expect to meet compliance, with RBS indicating by the end of April, while Heartland says May.

Bearing that in mind, a company would have to take stock of the business model, as well as the future of the processor, before moving. There is also the cost to consider when switching, something that can weigh on a business's bottom line.

If your company is considering a move from Heartland or RBS based on the recent delisting, then move because it is good for the business, not because a company sold you on fear.
