Visa Removes Heartland, RBS Worldpay from PCI List
Heartland Payment Systems and RBS Worldpay have been removed from Visa Inc.'s list of PCI compliant service providers and will have to undergo new PCI assessments and reapply for inclusion on the compliance list, according to a Visa announcement.
Visa's action came after the two companies revealed they were victimized by hackers who managed to plant malicious software in the companies' internal processing systems and steal card data from the unencrypted data stream.
Heartland had been listed as under review -- but still compliant -- prior to Friday's announcement, but now Visa has removed the Princeton, N.J.-based company from its lengthy list of service providers compliant with the Payment Card Industry Data Security Standard (PCI DSS). It was unclear whether RBS also had been under review. "Heartland and RBS WorldPay are actively working on revalidation of PCI DSS compliance using a qualified security assessor (QSA)," said a Visa statement. "Visa will consider relisting both organizations following their submissions of their PCI DSS reports on compliance."
Heartland issued a statement March 13 that said it currently is undergoing a PCI assessment and hopes to be recertified as compliant by May. "Heartland is cooperating fully with Visa and other card brands and we are committed to having a safe and secure processing environment," the statement said. "Heartland was certified as PCI DSS compliant in April 2008 and expects to continue to be assessed as PCI DSS compliant in the future."
A statement on Friday from RBS said the processor was planning to be recertified by April. "Visa has asked us to obtain a new certification of PCI compliance because of the recent data-security compromise," the statement said. "Visa has removed us from its list of approved PCI-compliant processors until the new certification is complete. There have been no material system changes that would have negatively altered this certification and we have, in fact, enhanced the security of our systems in the interim. Because of the criminal intrusion, we need to be recertified earlier than the normal schedule."