Visa says RBS Worldpay and Heartland not PCI compliant
The payment processors are put in a difficult position after Visa takes away their industry card payment security certification following data breaches.

Visa has taken the Royal Bank of Scotland Group's RBS Worldpay and US payments processor Heartland Payment Systems off its list of Payment Card Industry Data Security Standard (PCI DSS) compliant service providers.
It means the two companies are no longer considered compliant by the Payment Card Industry Security Standards Council (PCI SSC), created by Visa and other leading card issuers. These are the gold standard technical requirements created to help organisations that process card payments prevent credit card fraud, hacking and other security vulnerabilities.
It comes after Heartland Payment Systems fell victim to a massive security breach that potentially exposed customer information involving 100 million transactions. RBS Worldpay was hit by a hack, which the FBI said led to a million dollar ATM scam.
In a statement given to the Tech Herald, Visa said: "Based on compromise event findings, Visa has removed Heartland and RBS Worldpay from its list of PCI DSS compliant service providers."
RBS Worldpay replied in a statement to the Tech Herald that it received its last certification of compliance in June 2008, but that it was required to obtain a new one due to the data breach and was removed from the compliance list until it was complete.
It said: "There have been no material system changes that would have negatively altered this certification and we have in fact enhanced the security of our systems in the interim.
"Because of the criminal intrusion, we need to be recertified earlier than the normal schedule."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Heartland replied in a statement that it was cooperating fully with Visa and other card brands.
It said: "Heartland was certified as PCI-DSS compliant in April 2008 and expects to continue to be accessed as PCI-DSS compliant in the future.
"We're undergoing our 2009 PCI-DSS assessment now, which Heartland believes will be complete no longer than May 2009 and will result in Heartland, once again, being assessed as PCI-DSS compliant."
Companies which are found to be noncompliant with PCI rules face fines of up to $100,000 (70,600) a month or could see an end to their relationships with the big card firms. However, penalties are generally not openly discussed and the PCI had yet to respond for request for comment on the issue at the time of writing.
Click here to read why the PCI's Bob Russo thinks the damage to brand from a data breach is worse than a fine.
-
The IT industry’s shift to circular, low-carbon solutions
Maximize your hardware investment and reach your sustainability goals with HP’s Renew Solutions
-
Lenovo ThinkPad X9 14 Aura Edition review
Reviews This thin and light ultraportable will draw you in with its vibrant screen – but it isn't as powerful as some of its competitors
-
Mastercard scraps passwords in online security drive
News Visa will also work with Mastercard to roll out an innovative way of securing online payments
-
Hacker comes clean over Visa-Mastercard data breach claims
News Computer hacker claims leaked contact details came from banks, not credit card companies as first suggested.
-
Visa and Mastercard at centre of alleged data breach
News Hacker claims to have leaked firms' customer details.
-
Mastercard drops Global Payments from PCI approved vendors list
News Credit card company follows Visa's lead by axing support for Global Payments over data breach.
-
Visa drops Global Payments from PCI compliant list
News Visa has droped Global Payments from its PCI compliant list, following the exposure of 1.5 million credit card numbers.
-
Visa and MasterCard WikiLeaks donations reopened
News Julian Assange will be happy to see Visa and MasterCard donations can now be made via WikiLeaks partner DataCell.
-
Visa tech claims $1.5 billion fraud savings
News Visa believes its updated fraud detection technology will provide some big returns.
-
DataCell launches legal action against Visa and MasterCard
News The credit card giants have no longer just got distributed denial of service attacks from WikiLeaks supporters to contend with.