Visa has removed Heartland Payment Systems and RBS WorldPay from its list of processors certified under the Payment Card Industry Data Security Standard. Both processors have disclosed unauthorized intrusions into their systems.
Visa has sanctioned two payment processors that have disclosed in recent months exposing cardholder information to hackers.
The card brand has removed Heartland Payment Systems and RBS WorldPay from its list of processors certified under the Payment Card Industry Data Security Standard, a set of security protocols that processors, merchants and card-issuing banks are bound to follow.
Heartland says it continues to process Visa transaction as it works to restore its PCI certification, which it expects to achieve by May. Heartland says it has not been sanctioned by MasterCard.
RBS WorldPay, a subsidiary of the U.K.’s Royal Bank of Scotland, says it hopes to restore its PCI certification in April.
Heartland disclosed in January that criminals had inserted malicious software into its computer systems which may have allowed them to gain access to such data as card numbers and expiration dates. The company has not said how many card numbers may have been involved in the data breach, which took place in 2008. RBS said 1.5 million cards may have been exposed in the attack on its system, which was disclosed in December.
Heartland says it processes payments for approximately 3,650 web merchants. Only one online retailer listed Heartland Payment Systems as its processor in the Internet Retailer Top 500 Guide, Sonic Electronix, and that company ended its relationship with Heartland in October, switching its processing to CyberSource Corp. Sonic is No. 337 in the Internet Retailer Top 500 Guide.
No retailers listed RBS WorldPay as their payment processors in the Top 500 Guide.