Heartland Data Breach: Visa Questions Processor's PCI Compliance
Visa Executive: "We've Never Seen Anyone Who Was Breached That Was PCI Compliant"
Despite the Heartland Payment Systems (HPY) data breach and other noted compromises, Visa staunchly supports the Payment Card Industry Data Security Standard (PCI DSS).
This is the message from Adrian Phillips, Visa's Deputy Chief Enterprise Risk Officer, who in an exclusive interview hammers home the credit card company's support for the security standard - and suggests that, contrary to Heartland's own statements, the payment processor may not have been PCI compliant when it was breached sometime in 2008.
"We've never seen anyone who was breached that was PCI compliant," Phillips says without specifically naming - or excluding -- Heartland. "The breaches that we have seen have involved a key area of non-compliance."
Editor's Note: Meanwhile the House is blaming V/MC...see next post and Heartlands stock (see chart below) continues it's free fall. (well maybe not a "free" fall...it's costing shareholders some major kahunas. And they're so UN-HPY...they're suing...
Interviewed during last week's Visa Security Summit in Washington, D.C., Phillips acknowledges Heartland and other recent breaches, but uses them as an opportunity to support the PCI standard. "Let's remember we've had some bad breaches, but if we had not had PCI DSS, it would have been much worse," Phillips says. "As of today, I am confident that PCI DSS works."
Phillips comments come one week after news that Visa had removed Heartland Payment Systems from its certified PCI-DSS Compliant Service Providers list.
Continue Reading at Bank Info Security