Heartland to fight MasterCard data breach fine
12 May 2009 | 11192 views | 0
Heartland Payment Systems says a fine of over $6 million imposed on it by MasterCard in relation to the massive data breach it suffered last year is illegal and will be contested.
Reporting first quarter results, the firm revealed it incurred $12.6 million in expenses and accruals attributable to the massive data breach, which saw malicious software in the firm's processing system potentially compromising the card data of millions of people.
The costs contributed to a first quarter Gaap net loss of $2.5 million.
In an earnings call, Heartland CEO Robert Carr says over 50% of the $12.6 million expense relates to a fine MasterCard assessed against the processor's sponsor banks.
The fine was imposed because of an alleged failure by Heartland to take appropriate action once it learned that its systems may have been breached.
Carr says the company responded appropriately and "upon discovering the intrusion it took immediate and extraordinary action to address the intrusion" and also "fully co-operated" with MasterCard's investigation into the breach.
"Heartland therefore considers the MasterCard fine to be in direct violation of both the MasterCard rules and applicable law and it intends and is prepared to vigorously contest and it has recommended to its sponsor banks that they vigorously contest, through all means available including litigation if necessary any liability that may be asserted or imposed upon Heartland or its sponsor banks by reason of this fine," says Carr.
In better news, Carr says the company has been recertified as PCI compliant. This comes after it was dropped from Visa's list of compliant service providers in the wake of the breach.
Carr says he hopes this "will end once and for all the host of falsehoods and misleading statements that a few competitors have been using".
In March the firm threatened legal action against competitors it accused of misleading merchant customers with claims they would be penalised for doing business with the processor after it was struck off Visa's list compliant service providers.
The company has also committed several million dollars to an end-to-end encryption system that it will begin rolling out with its merchants in the third quarter.