Heartland settles with Am Ex

Saturday, December 19, 2009

The severe financial implications of suffering a data breach were highlighted this week as payment processing firm Heartland Payment Systems revealed it has reached a settlement agreement with American Express of nearly $4million.

Heartland, the fifth largest payment processor in the United States, suffered a massive data breach in 2008 which it disclosed in January of this year, after hackers infiltrated its network.

The firm has already revealed it has set aside a fund of over $12million to pay credit card companies compensation but the $3.6m settlement with American Express is the first specific agreement named.

“We are pleased to have reached an equitable settlement with American Express,” commented Bob Carr, Heartland’s chairman and chief executive officer. “This settlement marks the first agreement with a card brand related to the intrusion.”

The news will serve as another timely reminder to firms who take data security and compliance with the Payment Card Industry Data Security Standard (PCI DSS) lightly.

Although the legal costs and fines - as well as the cost of being recertified as PCI compliant - are easily quantifiable, the damage to a firm’s brand and reputation is likely to be both greater and more significant.



Post a Comment