Mastercard issued Heartland with heavy fine for ‘failure’

Heartland Payment Systems, the US payment processor that suffered a massive security breach leaving customer transactions exposed, lost $12.6 million (8.4 million) in costs directly related to the intrusion.

According to an earnings conference call transcript, chief executive Robert Carr said that more than 50 per cent of the expense related to a fine that Mastercard assessed against Heartland's sponsor banks.

"Obstensibly because of an alleged failure by Heartland to take appropriate action upon having learned that its computer system may have been breached," Carr said.

However, the chief executive claimed that Heartland responded properly to the possibility of a computer breach and took "immediate and extraordinary" action to address the breach.

Carr said that Heartland was going to "vigorously contest" the size of Mastercard's fine.

Heartland found out about the breach in January last year, notifying law enforcement as well as the card brands involved, with the data taken enough to have been used to duplicate cards.

However, there was good news for the beleaguered credit card processor, as earlier this month it returned to Visa's list of PCI DSS compliant service providers after being taken off in March.

Carr suggested that it could be a wake up call for other companies involved in securing card holder data, as Heartland would go beyond' the PCI standard and were on schedule to introduce a fully encrypted end-to-end terminal solution.