Comments on: Heartland Taking Names And Kicking POS, With Visa’s Help http://storefrontbacktalk.com/securityfraud/heartland-taking-names-and-kicking-pos-with-visas-help/ Techniques, Tools and Tirades about Retail Technology and E-Commerce Wed, 08 Feb 2012 16:02:40 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Steve Sommers http://storefrontbacktalk.com/securityfraud/heartland-taking-names-and-kicking-pos-with-visas-help/comment-page-1/#comment-59819 Steve Sommers Thu, 23 Apr 2009 00:15:26 +0000 http://www.storefrontbacktalk.com/?p=2632#comment-59819 A VISA represenative speaking at the ETA show clarified this today. The merchant is responsible from his network and down stream -- meaning any POS, hardware or software that they host. Merchants must use "approved" gateways and processors but if the breach happens up stream -- meaning the gateway or processor -- then the merchant is not liable. Heartland is still an "approved" vendor (albeit on probation) so compliant merchants using Heartland are compliant. A VISA represenative speaking at the ETA show clarified this today. The merchant is responsible from his network and down stream — meaning any POS, hardware or software that they host. Merchants must use “approved” gateways and processors but if the breach happens up stream — meaning the gateway or processor — then the merchant is not liable. Heartland is still an “approved” vendor (albeit on probation) so compliant merchants using Heartland are compliant.

]]> By: PCI Guy http://storefrontbacktalk.com/securityfraud/heartland-taking-names-and-kicking-pos-with-visas-help/comment-page-1/#comment-58082 PCI Guy Tue, 31 Mar 2009 17:25:58 +0000 http://www.storefrontbacktalk.com/?p=2632#comment-58082 Considering all of the close scrutiny Heartland has now been subject to by VISA personnel, FBI, Secret Service, and Heartland's own staff and security consultants, their systems are now probably far more secure than most. So why on Earth did Visa decide to make a public spectacle of "suspending" Heartland? What benefit could possibly been achieved by doing that? Either VISA considers Heartland's systems secure enough to be safe for processing transactions, or not. If they are not secure enough then they should have been REMOVED from the list, not "placed on probation". Considering all of the close scrutiny Heartland has now been subject to by VISA personnel, FBI, Secret Service, and Heartland’s own staff and security consultants, their systems are now probably far more secure than most. So why on Earth did Visa decide to make a public spectacle of “suspending” Heartland? What benefit could possibly been achieved by doing that? Either VISA considers Heartland’s systems secure enough to be safe for processing transactions, or not. If they are not secure enough then they should have been REMOVED from the list, not “placed on probation”.

]]> By: Evan Schuman http://storefrontbacktalk.com/securityfraud/heartland-taking-names-and-kicking-pos-with-visas-help/comment-page-1/#comment-57572 Evan Schuman Wed, 25 Mar 2009 12:28:50 +0000 http://www.storefrontbacktalk.com/?p=2632#comment-57572 Editor's Note: The gray area here is Visa's use of the word "probation" and Visa's definition. It means that someone is off the PCI Compliant list, but it also means explicitly that retailers and still use them and be considered compliant. That probationed entity has to jump through a lot of testing hoops--and is put on notice that they need to fix everything quickly or they're out--but they are still qualified to accept transactions. But regardless of how anyone might feel about this probation mode, Visa is within its rights to create it and to define it however it wants. Given that Visa--from the beginning--was explicit about what it meant, I have to side with Heartland on this one and say that the rivals (this time) were out-of-line. I don't have to agree with Visa's move (personally, I would have argued that if they wanted to have an impact, they should have cleanly removed them from the list. That would have sent a clear signal) to respect it and to argue that the industry has an obligation to abide by it. Editor’s Note: The gray area here is Visa’s use of the word “probation” and Visa’s definition. It means that someone is off the PCI Compliant list, but it also means explicitly that retailers and still use them and be considered compliant. That probationed entity has to jump through a lot of testing hoops–and is put on notice that they need to fix everything quickly or they’re out–but they are still qualified to accept transactions.
But regardless of how anyone might feel about this probation mode, Visa is within its rights to create it and to define it however it wants. Given that Visa–from the beginning–was explicit about what it meant, I have to side with Heartland on this one and say that the rivals (this time) were out-of-line. I don’t have to agree with Visa’s move (personally, I would have argued that if they wanted to have an impact, they should have cleanly removed them from the list. That would have sent a clear signal) to respect it and to argue that the industry has an obligation to abide by it.

]]> By: Tom Mahoney http://storefrontbacktalk.com/securityfraud/heartland-taking-names-and-kicking-pos-with-visas-help/comment-page-1/#comment-57568 Tom Mahoney Wed, 25 Mar 2009 12:04:47 +0000 http://www.storefrontbacktalk.com/?p=2632#comment-57568 Evan; I certainly don't approve of advertising using Heartland's unfortunate position but you, or rather Heartland's competitors, raise an interesting point. Merchants are required to be compliant. Being compliant requires using a compliant processor. Heartland is not, at least for now, compliant. Therefore Heartland's merchants are not compliant. Yes? No? Evan;

I certainly don’t approve of advertising using Heartland’s unfortunate position but you, or rather Heartland’s competitors, raise an interesting point.

Merchants are required to be compliant. Being compliant requires using a compliant processor. Heartland is not, at least for now, compliant. Therefore Heartland’s merchants are not compliant.

Yes? No?

]]>