A Little About Heartland
If you’re currently with Heartland Payment Systems and haven’t heard about their bumpy history, we’ll take you on a crash course! Heartland is a payment processor, and typically uses an interchange-plus pricing model, like us. Its major market is the restaurant industry because they partnered with the National Restaurant Association. In addition to selling payment processing, Heartland offers payroll and lending services. Heartland has had numerous data breaches over the years. In 2016, the founder, Bob Carr, sold out and Heartland was acquired by a company called Global Payments, who ironically enough went through their own data breach in 2012. You’ve heard the saying “birds of a feather flock together”.
After the business was sold, many merchants and employees left Heartland claiming a lack of support and a change in company culture for the worse. Heartland sales reps have the ability to set up merchant accounts on a month-to-month basis. However, most reps try to put merchants into a 3-year contract with an early termination fee of $295. They do this to get higher bonus commissions on the accounts they bring in.
The Big Breach
The first Heartland Payment Systems breach occurred in 2008. It is the largest card data breach in U.S. history exposing over 100 million debit and credit cards. At the time, it was the sixth-largest payment processor in the world. Any regulars to the payment processing industry might ask, “Wouldn’t the encryption of private information protect information?” The company’s president and CFO Robert Baldwin would answer, “as the transaction is being processed, it has to be in unencrypted form to get the authorization request out.”
The Physical Breach
On May 8th of 2015, Heartland Payment Systems suffered a breach affecting their payroll systems. This one was a physical breach of their offices in Santa Ana, California. Thieves made off with computers and other electronics in the office that housed social security numbers, along with other private information. This information wouldn’t have been able to be removed from the computers if the data was protected through the computers’ security systems.
The Breach of Trust
Would you hire a sickly-looking doctor on his deathbed? Would you hire a disbarred attorney with malpractice lawsuits against him? Payment processors are supposed to be experts in financial data security. They’re supposed to advise businesses on the PCI Compliance Data Security Standards and how to keep their customers’ credit card data safe. What does it say about a processor who is responsible for the largest card data breach in US history? Will they be able to help prevent your business from a data breach?
A Little About PayFrog
PayFrog represents payment processors that are service level 1 PCI DSS Certified. Our payment professionals have been certified by the Electronic Transaction Association. We endorse secure credit card processing and secure payment technologies such as an end to end encryption, tokenization, transport layer security. Feeling a little unprotected with your current provider? Then contact us for a free consultation with PayFrog and we’ll show you what true security looks like.