Heartland Payment Systems, Visa Enter Into Settlement Agreement For Data Security Breach Claims

Heartland will pay up to $60m to fund the settlement program, which is subject to certain conditions, including a specified level of participation by US Visa issuers. Moreover, Visa will present details of the settlement to eligible issuers in the coming days.

The Visa/Heartland settlement agreement is contingent upon acceptance by financial institutions representing 80% of the eligible issuers’ US accounts that Visa considered to have been placed at risk of compromise during the Heartland intrusion.

Additionally, Visa will credit the full amount of intrusion-related fines it previously imposed and collected from Heartland’s sponsoring bank acquirers towards the $60m maximum funding of the program. The settlement amount represents a significant recovery to Visa issuers for losses they may have suffered from the Heartland data security breach.

All US card issuers who participate in the program will be eligible to receive a portion of the specified recovery. The settlement also includes recovery for international issuers of accounts Visa considered to have been placed at risk of compromise.

Participation in the settlement program supplants any other recoveries that may be available to issuers through Visa and requires accepting issuers to release Heartland, its sponsoring bank acquirers and Visa from any legal and financial liability related to the Heartland intrusion.

Ellen Richey, chief enterprise risk officer at Visa, said: “We believe issuers will benefit by participating in this settlement program because it offers an immediate recovery with respect to losses they may have incurred from the Heartland intrusion.

“Helping financial institutions mitigate costs after a data security breach has been a long-standing component of Visa’s security strategy, along with promoting new security technologies, preventing fraud and leading efforts to secure sensitive data across the entire payment system.”

Bob Carr, chairman and CEO of Heartland, said: “We are pleased to have reached a fair settlement agreement that helps issuers obtain a recovery with respect to losses they may have incurred from the intrusion. At Heartland, we are also committed to helping issuers – as well as all stakeholders in the payment ecosystem – mitigate future risk. We have assumed a leadership position in the development of enhanced data security and fostering the sharing of information.”

Sign up for our weekly news round-up!

Give your business an edge with our leading Future Banking

Sign up