Well, I just got done reading an article which contained a statement from Visa regarding PCI assessments...it seems to thwart any legal argument Heartland may have.
You see, apparently the data might not be protected, but V/MC has certainly made sure that they are.
Information Week's Andrew Conry-Murray, in an article titled, "PCI is Meaningless, But We Still Need It", points out:
Assessments "do not guarantee that those security controls remain in place after the review is complete." In other words, a company is only compliant with PCI's security standards during the time of review. Once the assessors leave the building, all bets are off.
He goes on to say: "I believe PCI was constructed this way for two reasons.
First, it absolves the assessors and the card brands of any liability should a compliant company get breached. The issue of liability is critical, because breaches attract lawsuits the way roadkill attracts crows."
Yes, and it looks like Heartland gets to play the part of roadkill...the banks/V/MC get to pick their part, scratch that, pick-a-part in their role as a "murder of crows."
Heartland's tough battle just got tougher...and the prognosis isn't good. Lizbith...dis is da big one!
PIN Debit Payments Blog
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vBMfu41p5tJ9beNaMitVU8ZIuL6M9yGcTQ8OSHaqOVYzy8xoTxnGRpe2gULqSV5GFEpECmqt5w5ANTt9Y_IZt_LthMSglSXjqmrHS_m4PywhH41nIY8pbuOtIvy85vM8CGFdU_Tp9YafgixaPIQD8=s0-d)
0 comments