Visa has removed Heartland Payment Systems and RBS WorldPay, the two huge payment processors that suffered recent data breaches, from its list of companies that are in compliance with Payment Card Industry (PCI) rules. It says they can get back on the list when they recertify that they have proper security in place. While this may sound like a significant change in the status of the companies, in reality it does little to change how the three companies do business with each other or with merchants. It’s just a way for Visa to protect itself from any upcoming lawsuits by banks and credit unions against the payment processors.
Visa really wouldn’t want to do much to hurt its business partnership with the companies, considering how big they are. In addition, the contracts they have with merchants aren’t invalidated just because Visa delists them, so cutting ties completely could hurt Visa financially.
The recertification is just a formality, too:
“There have been no material system changes that would have negatively altered [last June’s] certification, and we have in fact enhanced the security of our systems in the interim,” RBS WorldPay said. “[But] because of the criminal intrusion, we need to be recertified earlier than the normal schedule.”
In other words, this is purely Visa looking out for Visa by pretending to be concerned about payment processor security, while in reality just covering its butt.
“Visa drops Heartland, RBS WorldPay from PCI compliance list after breaches” [ComputerWorld] (Thanks to Roger!)