Heartland Taking Names And Kicking POS, With Visa’s Help
Written by Evan SchumanMarch 24th, 2009
When Visa sent an E-mail to retailers telling them it was suspending Heartland, the note was explicit in saying that "Heartland will continue to serve as a processor in the Visa system." But that didn't stop rivals from recruiting Heartland customers by saying that they could face fines or PCI certification problems if they used them.
Visa issued a statement "clarifying" their original position, despite the fact that their original position was quite clear. What was so confusing about Visa's original statement that "Heartland will continue to serve as a processor in the Visa system"? Did people think that Visa would tell retailers that a vendor "will continue to serve as a processor in the Visa system" and then turn around and fine—or decertify—them for doing so?
This Story Is Only Available For Premium Subscribers. Click Or Login In Below To Read The Rest Of This Story.
Already a Subscriber? Login Here
Pages: 1 2
4 Comments | Read Heartland Taking Names And Kicking POS, With Visa’s Help
Leave a Reply
Readers, specifically those who want to comment on a story:
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk.com? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk.com? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.
-Christine
March 25th, 2009 at 7:04 am
Evan;
I certainly don’t approve of advertising using Heartland’s unfortunate position but you, or rather Heartland’s competitors, raise an interesting point.
Merchants are required to be compliant. Being compliant requires using a compliant processor. Heartland is not, at least for now, compliant. Therefore Heartland’s merchants are not compliant.
Yes? No?
March 25th, 2009 at 7:28 am
Editor’s Note: The gray area here is Visa’s use of the word “probation” and Visa’s definition. It means that someone is off the PCI Compliant list, but it also means explicitly that retailers and still use them and be considered compliant. That probationed entity has to jump through a lot of testing hoops–and is put on notice that they need to fix everything quickly or they’re out–but they are still qualified to accept transactions.
But regardless of how anyone might feel about this probation mode, Visa is within its rights to create it and to define it however it wants. Given that Visa–from the beginning–was explicit about what it meant, I have to side with Heartland on this one and say that the rivals (this time) were out-of-line. I don’t have to agree with Visa’s move (personally, I would have argued that if they wanted to have an impact, they should have cleanly removed them from the list. That would have sent a clear signal) to respect it and to argue that the industry has an obligation to abide by it.
March 31st, 2009 at 12:25 pm
Considering all of the close scrutiny Heartland has now been subject to by VISA personnel, FBI, Secret Service, and Heartland’s own staff and security consultants, their systems are now probably far more secure than most. So why on Earth did Visa decide to make a public spectacle of “suspending” Heartland? What benefit could possibly been achieved by doing that? Either VISA considers Heartland’s systems secure enough to be safe for processing transactions, or not. If they are not secure enough then they should have been REMOVED from the list, not “placed on probation”.
April 22nd, 2009 at 7:15 pm
A VISA represenative speaking at the ETA show clarified this today. The merchant is responsible from his network and down stream — meaning any POS, hardware or software that they host. Merchants must use “approved” gateways and processors but if the breach happens up stream — meaning the gateway or processor — then the merchant is not liable. Heartland is still an “approved” vendor (albeit on probation) so compliant merchants using Heartland are compliant.