The Green Sheet Online Edition

January 09, 2012  •  Issue 12:01:01


Heartland nearing closure on breach after favorable ruling

Nearly all bank claims filed against Heartland Payment Systems Inc. in the aftermath of its massive data theft, initially reported in January 2009, were dismissed by U.S. Southern District of Texas Judge Lee Rosenthal Dec. 7, 2011.

The ruling

Nine banks filed complaints against Heartland following the theft of data from nearly 130 million credit and debit cards. The banks sought damages from Heartland for alleged negligence, violation of the consumer protection laws of several states and for breaching its contractual obligations to them. In essence, Judge Rosenthal found most of these claims were not viable.

Rosenthal dismissed the negligence and contractual obligation claims. He threw out the negligence claims because the law does not allow tort damages in cases where no physical or property injury exists. He dismissed the breach of contract claims because there was no direct or implied contract the banks could connect to a breach incident.

Rosenthal said he will allow the banks to file an amended breach-of-contract claim. He also let stand a claim filed under the Florida Deceptive and Unfair Trade Practices Act.

Settlements

Enough suits were filed against Heartland following the breach, the largest ever in the payment card industry, for the claims to be separated into consumer claims and financial institution claims. Heartland settled the consumer claims in 2010 for $4 million. The settlement gave eligible consumers up to $175 for expenses associated with the stolen credit or debit card information. Heartland also agreed to pay as much as $10,000 to identity theft victims who suffered losses as a result of the breach.

Heartland Chief Executive Officer Robert O. Carr told The Green Sheet that to the best of his knowledge, all consumer claims are settled. He also said he does not expect the banks to file additional claims but he is prohibited from speaking further about any continuing litigation issues.

Carr said there was no sense of vindication in the company after Rosenthal's favorable ruling. He noted the breach has directly cost Heartland "between $125 million and $150 million." Unfortunately, he could offer little help for other companies looking to avoid their own breaches in a world where data theft is becoming a booming industry. "Our situation was very unique as a nonbank, public payments company, so I don't think our approach would necessarily be appropriate for most other potential victims," he said.

Crime and punishment

Three hackers were publicly held responsible for the Heartland breach. U.S. citizen Albert Gonzalez was arrested and sentenced to 20 years in prison after pleading guilty to charges related to the breach. The indictment also named Maksym Yastremskiy of Kharkov, Ukraine, and Aleksandr Suvorov of Sillamae, Estonia. Asked if he was confident all the hackers involved in the breach were identified, Carr answered, "I am confident this is not the case."

Moving forward

Carr has worked on a number of initiatives to improve security in the payments industry. Heartland is now manufacturing its own Heartland E3 terminal, an encrypted, tamper-resistant security module that wipes out the encryption keys and renders the terminal inoperative if the security module is tampered with.

Also, the operating system of the E3 is locked down so that every application applied to the terminal must have a certificate and be tied into the operating system. When a transaction goes through the end-to-end encryption, a token is created on the back-end to allow for chargebacks, reversals or other processes needed after the transaction.

Carr said more than 20,000 merchants are using the E3 terminal. "It has been very successful for us," he said.

Carr also helped to found the Payments Processing Information Sharing Council under the umbrella of the Financial Services Information Sharing and Analysis Center to provide a way for the industry to share information about fraud threats, vulnerabilities and mitigation in the payments industry. "The PPISC is a vibrant and effective organization with almost all large acquirers, including Heartland, very involved in sharing experiences and information," Carr noted.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
