Visa Covers Butt By 'Delisting' Breached Credit Card Payment Processors

Visa has removed Heartland Payment Systems and RBS WorldPay, the two huge payment processors that suffered recent data breaches, from its list of companies that are in compliance with Payment Card Industry (PCI) rules. It says they can get back on the list when they recertify that they have proper security in place. While this may sound like a significant change in the status of the companies, in reality it does little to change how the three companies do business with each other or with merchants. It's just a way for Visa to protect itself from any upcoming lawsuits by banks and credit unions against the payment processors.

Visa really wouldn't want to do much to hurt its business partnership with the companies, considering how big they are. In addition, the contracts they have with merchants aren't invalidated just because Visa delists them, so cutting ties completely could hurt Visa financially.

The recertification is just a formality, too:

"There have been no material system changes that would have negatively altered [last June's] certification, and we have in fact enhanced the security of our systems in the interim," RBS WorldPay said. "[But] because of the criminal intrusion, we need to be recertified earlier than the normal schedule."

In other words, this is purely Visa looking out for Visa by pretending to be concerned about payment processor security, while in reality just covering its butt.

"Visa drops Heartland, RBS WorldPay from PCI compliance list after breaches" [ComputerWorld] (Thanks to Roger!)
(Photo: orphanjones)

Comments:

edrebber

There need to be stiff fines for each and every data breach payable directly to the customer whose data is compromised. $10,000 per offense.

@edrebber: Dontcha think that would lead to FAR fewer companies disclosing breaches in the first place?

@edrebber: Might as well cut out the middle man and make that $10,000 payable directly to AIG...

The PCI Security standard in many ways is woefully inadequate. Yes, it has significant demands but like any "Broad Based" security standard; it's cookie cutter. Every technology environment is unique, and cookie cutter standards like PCI are just a publicity stunt.

On top of that the PCI security audit folks.... to put it nicely, are a joke. Visa included.

As they stated, they "were" PCI compliant. Which as you can see... obviously means nothing.

Pure shame really...

They don't have to keep our personal information safe, they don't have to disclose certain data breaches, they can make up new interest rates with 30 days notice and they can lower your limit below your current balance.

It's funny; these 'mega rewards' cards are appropriately named--it's just that the credit card companies get the mega rewards, not customers.

I got a nice little letter from my bank advising me that my debit card number had been compromised in the Heartland fiasco.

This "recession" (read: depression) is a good time for us to stop our own personal deficit spending. I've been paying cash or debit only for the last 10 years now, and have a total debt of $0. It's easy. If you want to buy something but can't afford it, then you save money until you can. You want change? Put these credit card companies out of business and get yourself out of indentured servitude at the same time. Nobody out there is looking out for you. It's up to you to look out for yourself. Visa doesn't care about you. Give your loyalty to people, not corporations. /rant off

So this is kinda like telling them to go stand in the corner but not actually making them do it? That'll show 'em.

@fatcop: I got the same letter from my credit union. Heartland sucks.

Actually this is a big deal. If a company is not PCI compliant (and being removed from the list means they are no longer PCI compliant) any new business cannot use Heartland or RBS to process credit cards.

Furthermore companies that currently use those two providers may be told by their banks that they have to change their provider or else they cannot process cards anymore.

FYI: I don't work with Visa, but I do work with PCI compliance on a daily basis and I know the penalties. Believe me this is a legitimate penalty provided they don't re-certify them within a week or two.

@fatcop: I got one too. Should have a new card this week. Lame.

Good? Bad? Can we at least rag on Visa for not assuring PCI compliance before the breaches? The "you seem to be insecure due to a recent massive data breach" approach needs a rethink.

@ZManGT: yeah, it's a big deal, but it's also b.s. remember the cardsystems breach in 2004-5? it was the largest processor breach prior to this one at heartland. they were also delisted, but shortly thereafter they were purchased by a competing vendor - pay by touch - who wanted access to their merchants.

imo, the networks need to do a bit more to maintain the integrity of their systems, which includes auditing various aspects of their network for compliance.

@supercereal:

Why stop there? Cut out AIG too and just pay it directly to the guy getting the insane bonus for doing nothing!