|
By Mel Duvall
Heartland Payment Systems, one of the country’s largest credit card payment processors, said Friday it has agreed to a settlement that could see it pay up to $60 million to issuers of Visa cards as a result of a breach it suffered in 2008.
The company, which is headquartered in Princeton, N.J., said under the terms of the deal reached with Visa, issuers of Visa credit cards can apply for losses they may have incurred as a result of the breach. The deal is contingent upon acceptance by financial institutions representing 80 percent of the eligible issuers’ U.S. accounts that Visa considers to have been placed at risk.
Bob Carr, Heartland’s chairman and chief executive officer, said he believes the deal is a “fair settlement” for both sides. In addition, he said the company continues to take steps to boost security to prevent future breaches.
“We have assumed a leadership position in the development of enhanced data security and fostering the sharing of information,” he said in a statement announcing the settlement.
The Heartland breach was disclosed in January 2009. The U.S. Department of Justice has charged Albert Gonzalez of Florida and several others in the breach, which was believed to have affected as many as 130 million credit cards from Visa, American Express and Master Card.
Gonzalez pleaded guilty to charges related to the Heartland breach in December, and is facing charges related to two other hacker attacks. He was handed a 17-year prison sentence for the Heartland intrusion.
This was the second settlement Heartland has reached with credit card issuers. In December Heartland agreed to pay American Express $3.6 million “to resolve intrusion-related issues.” In December, Heartland also announced it had entered into an agreement to settle a consumer class action suit related to the breach, under which it agreed to pay up to a maximum of $2.4 million to consumers involved in the class action and cover legal costs.
While the data breach was a blow to Heartland’s reputation, it has taken steps over the past year to bolster its security. Not long after the breach was disclosed Heartland announced that it had formed an internal department dedicated to development of end-to-end encryption to protect merchant and consumer data used in payment processing. The company said it had been working on implementing the encryption for some time, but decided to ramp up its efforts as a result of the breach.
One major customer, 7-Eleven, agreed to a seven-year extension of its contract with Heartland in December, covering payment processing for 5,800 convenience stores.
Only registered users can write comments.
Please login or register. |
