RBS WorldPay and Heartland back on the validated Visa PCI DSS compliant list
July 07, 2009
By SearchFinancialSecurity.com staff 21 May 2009 | SearchFinancialSecurity.com Good news for Heartland and RBS WorldPay being back on the Visa Inc. PCI compliance list in a very short time frame. The breach's were discovered end of last year early 2009 and both organizations worked diligently with the investigative teams and their auditors to restore their PCI DSS compliance quickly. Congratulations!Maintaining the compliant security process requires strict due diligence and monitoring as the criminal syndicates operate with extreme sophistication today. They are able to quickly find and penetrate holes in processings systems take off with the cardholder data as if they literally had keys to the bank vault.
It remains difficult for law enforecement to find and arrest these criminals easily due to jurisdictional law. Criminals operate online without borders to stop their progress unlike our law enforcement agencies, although that is changing.
We need a collaberative and cooperative team effort between merchants, consumers, financial institutions, security professionals, the Card brands, governments, and law enforcement agencies world-wide to stem the criminal epidemic. The PCI DSS and PA-DSS are programs that if followed and enforced are the beginnings of an effective proactive approach to preventing the continued rise of criminal activity online.
RBS WorldPay said Wednesday it is back on Visa Inc.'s list of service providers that are validated as compliant with the PCI Data Security Standard.
Visa removed the Atlanta-based payment processor and Heartland Payment Systems Inc. from its list of PCI compliant service providers in March after data breaches at both companies were revealed. Heartland announced early this month that it was placed back on Visa's PCI compliance list.
RBS WorldPay, the U.S.-based payment processing division of the Royal Bank of Scotland Group plc, said it returned to both Visa's and MasterCard's lists of validated service providers following a successful completion of its PCI DSS assessment. The company said it's now certified on PCI DSS version 1.2.
In late December, RBS WorldPay disclosed that personal information of about 1.5 million pre-paid cardholders and other individuals was compromised when its computer system was hacked. The Social Security numbers of 1.1 million of those cardholders may also have been compromised, the company said.
The stolen data was used in a highly-coordinated ATM scam involving cloned payroll debit cards and reloadable gift cards.
The breach at RBS WorldPay was followed by Heartland's Jan. 20 announcement that intruders installed malware to pilfer data crossing the company's network.