Monday, May 11, 2009

Heartland NOT PCI Compliant When Breached!

Both Visa and MasterCard have officially gone on the record saying that Heartland Payment Systems was NOT PCI compliant at the time of the breach.

When you take that into account and add the following 9 items, things don't look so good for Heartland Payment Systems:
  1. MasterCard has levied a $6 million fine against the company
  2. Visa has not yet announced the amount of its fine
  3. The breach (so far) has cost Heartland $12.6 million
  4. HPY has seen a $100+ million drop in its market cap
  5. Shareholders have filed a class-action lawsuit
  6. Consumers have filed a class-action lawsuit
  7. Banks have filed a class-action lawsuit
  8. Robert O. Carr is being investigated by the SEC for possible stock trading improprieties
  9. The last processor (CardSystems) to be breached went belly-up

    Heartland wants to talk about "end-to-end encryption" (E2EE), but it's too late. If they were NOT PCI compliant, the end-to-end is over... what begins now is the "beginning of their end." Any guesses as to how they'll end up? Hint: This does not get categorized as "Tales from Encrypt." Back to plain ol' Crypt.

    Here's why they are dead in the water. Attorneys' fees and the potential for treble damages on not one, not two, but THREE class-action lawsuits will "definitely" take their toll. But of more immediate concern is the cost to reimburse the banks for having to reissue all those new bank cards. Some have estimated that cost is upwards of $200 per replacement. Some have estimated that 100 million accounts were breached. One-million reissued cards would cost Heartland $200 million.

    But is Robert O. Carr done? At least Bobby O. made millions from the sale of his shares between the time the breach occurred and the time it was announced. (To refresh your memory, Heartland displayed the utmost in transparency when deciding to announce the "biggest breach" in the history of the United States during Barack Obama's inauguration.)

    Gee, what a coincidence, eh? As coincidental as selling hundreds of thousands of shares of stock after the breach occurred.

    Some of you might be wondering why I'm so hard on poor, poor Robert (Bob) O. Carr. I know it's noticeable to those who read my Heartland posts, but I'm not quite sure if I ever did explain my sarcastic disdain.

    Let me tell you about the time I met Bob Carr face to face. It was down in St. Louis, in 1997 I believe, the weekend he was recruiting his initial influx of ISOs for Heartland Payment Systems. I talked with him about 15-20 minutes and stood around for another 25 or so listening to him talk to others and... suffice it to say that he was one of the most brutally arrogant SOBs I've had the displeasure to meet in my life. Now let me be clear. I don't mind the "self-confident" arrogance. I'm talking the condescending, "I'm better than everybody" arrogance. You know, the kind of arrogance that permeates the room with my shit don't stinkedness? The kind of arrogance that screams "rules don't apply to me"? Speaking of which, I, for one, won't be surprised in the least if the SEC investigation turns up evidence of "rules don't apply to me" behavior.

    He may have changed since 1997; however, press-releasing the breach on Inauguration Day says differently. Where was the end-to-end encryption before the breach? Too late now. You've lost millions, Bobo... and in my humble opinion, it couldn't have happened to a better (than everybody) guy!

Heartland Data Breach: Is End-to-End Encryption the Answer?

The announcement by Heartland Payment Systems (HPY) that it will offer its merchants end-to-end encryption capabilities is seen as a positive step by industry experts. Yet, these same experts also warn that this measure will not solve all of the security issues that Heartland and other payment processors face from hackers.

In Heartland's first-quarter earnings call last Thursday, company officials said so far last year's well-publicized data breach has cost them $12.6 million. The amount includes legal costs and fines from Visa and MasterCard, both of which have stated the payment processor wasn't compliant with PCI standards at the time of the breach.

Read Entire Article