Is Heartland going to take the position that they are a plaintiff rather than a defendant against claims from cardholders/issuers and V/MC themselves? Will they shoot back or is PCI DSS certification going to shoot down any argument that V/MC may have?

Heartland Payment Systems, Bob Carr shows one of his cards. In their newly released 4th Quarter Earnings Report (which by the way was pre-breach) he says that one of the biggest challenges they face in regards to the breach is "defending" claims that the "cardholders" "card issuers" V/MC, regulators (and others) have asserted (or may assert).

For the first time (that I've seen) he implies that they intend to not only vigorously defend any such claims, but that they have "meritorious defenses" to those claims. So it appears that they are preparing to claim that they are the plaintiffs and the defendants are going to be the brands (V/MC) Undoubtedly, they will use their PCI DSS certification as a launching pad to deter blame from them to others. PCI DSS may be the bullet that Heartland fires back with if V/MC tries to shoot them down.

This is going to be an interesting legal development and the PIN Payments Blog will keep a close eye on further developments...

Heartland is committed to aggressively pursuing its efforts for the development and industry-wide implementation of end-to-end encryption technology- which if successfully developed and implemented will be designed to protect data at rest as well as data in motion - as an improved and safer standard of payments security.

"Clearly our biggest challenge in 2009 will arise from the system breach we suffered. There are two main components to the challenge we face: addressing claims that cardholders, card issuers, the Brands, regulators, and others have asserted, or may assert, against us arising out of the breach and managing the potential impact of the breach on the day-to-day operations of our business.

With regard to the first challenge, we intend to vigorously defend any such claims and we believe we have meritorious defenses to those claims that have been asserted to date.

At this time we do not have information that would enable us to reasonably estimate the amount of losses we might incur in connection with such claims. As to the second challenge, our sales and service teams have responded tremendously, and early indications of client response are positive: in the weeks since our announcement of the breach, we have installed more margin, and have a bit less merchant attrition, than in the same period in 2008. While it is too early to tell, and we will certainly face challenges from macro economic conditions confronting our customers, at this point we believe that our expanded product breadth, reputation for superior customer service, candor, and no arbitrary rate increases, should allow us to grow our card processing merchants, payroll clients and check management clients in 2009. I am very proud of our Heartland employees, who are aggressively reaching out to strengthen our relationships and maintain the trust and confidence of the merchant community."