Heartland in $60m settlement with Visa issuers

Hackers first broke into Heartland's network in 2008

Heartland Payment Systems, the fifth largest payments processor in the US, has agreed to pay issuers of Visa-branded credit and debit cards up to $60m (£37m) in compensation for losses incurred after the huge data breach in 2008.

The company revealed in January last year that hackers had infiltrated its computer systems and planted malware on its servers designed to steal card data. In the region of 100 million cards are thought to have been compromised.

Heartland chairman Bob Carr said that he was pleased to have reached a "fair settlement agreement" regarding the losses issuers may have suffered as a result of the intrusion.

"At Heartland, we are committed to helping issuers, as well as all stakeholders in the payment ecosystem, to mitigate future risk," he added.

"We have assumed a leadership position in the development of enhanced data security and fostering the sharing of information."

Ellen Richey, chief enterprise risk officer at Visa, urged issuers to participate in the settlement programme while emphasising Visa's security credentials.

"Helping financial institutions mitigate costs after a data security breach has been a long-standing component of Visa's security strategy, along with promoting new security technologies, preventing fraud and leading efforts to secure sensitive data across the entire payment system," she said.

The Visa payout comes just a month after Heartland announced a similar settlement with American Express of $3.6m (£2.2m), and yet again highlights the financial penalties that can result when IT systems are compromised.