Heartland in US$60m settlement with Visa issuers

Heartland Payment Systems, the fifth largest payments processor in the United States, has agreed to pay issuers of Visa-branded credit and debit cards up to $60 million (A$64m) in compensation for losses they incurred after the massive data breach it suffered in 2008.

Heartland revealed in January of last year that hackers had infiltrated its computer systems and planted malware on its servers designed to steal card data – in the region of 100 million cards are thought to have been compromised.

Heartland’s chairman Bob Carr said he was pleased to have reached a “fair settlement agreement” regarding the losses issuers may have suffered as a result of the intrusion.

“At Heartland, we are also committed to helping issuers – as well as all stakeholders in the payment ecosystem – mitigate future risk,” he added.

“We have assumed a leadership position in the development of enhanced data security and fostering the sharing of information.”

Ellen Richey, chief enterprise risk officer at Visa, urged issuers to participate in the settlement program while emphasising Visa’s security credentials.

“Helping financial institutions mitigate costs after a data security breach has been a long-standing component of Visa’s security strategy, along with promoting new security technologies, preventing fraud and leading efforts to secure sensitive data across the entire payment system,” she said.

The Visa payout comes just a month after Heartland announced a similar settlement with American Express of US$3.6m, and yet again highlights the financial penalties that can result when IT systems are compromised.