Visa Removes Heartland and RBS WorldPay Payment Processors from its list of DSS Certified Providers
Friday 13, March 2009 Visa announced they are going to remove Heartland Payment Systems and RBS WorldPay from its list of service providers compliant with payment industry guidelines. Visa took this decision because of the massive data breaches in recent months. Visa, MasterCard, American Express, and two other organizations require all merchants who use their cards to comply with the DSS. Each merchant must by be audited once per year by a PCI-approved assessor.
A statement on Friday from RBS
Visa has asked us to obtain a new certification of PCI compliance because of the recent data-security compromise, Visa has removed us from its list of approved PCI-compliant processors until the new certification is complete. There have been no material system changes that would have negatively altered this certification and we have, in fact, enhanced the security of our systems in the interim. Because of the criminal intrusion, we need to be recertified earlier than the normal schedule,
RBS WorldPay offers payment-processing solutions that cover credit, debit, Electronic Bank Transfers, gift cards, customer loyalty cards, checks, ATM, and tailored solutions for retail. RBS WorldPay confirmed at December 23, 2008 that at the beginning of November unidentified parties had illegally obtained access to its computer systems and potentially compromised the personal information of 1.5 million customers.
Internal audit done by Visa Warning discovered that transaction data passing through Heartland Payment Systems network had been intercepted and a significant number of credit cards had been compromised.
Gartner analyst Avivah Litan comments
Retailers and other companies are not allowed to do business with processors that are not PCI compliant, so this puts all of Heartland’s customers and all of RBS’s customers out of compliance.
