As a follow-up to my earlier post today, media relations for RBS WorldPay contacted me. It appears that the number the main operator had given me for them was the wrong number, even though she confirmed it twice. In the meantime, I have obtained the following statement by Visa that confirms that, like Heartland Payment Systems, RBS WorldPay has also been placed on probation by Visa:
Visa Statement Regarding Changes to Online List of PCI DSS Service
ProvidersAs part of our commitment to data security and fraud prevention, Visa
joined others in the industry to create the Payment Card Industry Data
Security Standard (PCI DSS), a single standard that serves as a
consistent framework of data security requirements. Compliance with the
PCI DSS has significantly reduced unauthorized access to cardholder
data.Recently, Heartland Payment Systems and RBS WorldPay publicly disclosed
unauthorized access to their systems resulting in the compromise of card
account information from all major card brands. Based on compromise
event findings, Visa has removed Heartland and RBS WorldPay from its
list of PCI DSS compliant service providers, which can be found at
www.visa.com/cisp. Heartland and RBS WorldPay are actively working on
revalidation of PCI DSS compliance using a Qualified Security Assessor.
Visa will consider relisting both organizations following their
submissions of their PCI DSS reports on compliance.It’s essential that every business that handles payment card
information adhere to the highest standards to protect the security and
privacy of their customers’ financial information. The PCI DSS remains
an effective security tool when implemented properly – and remains the
best defense for businesses against the loss of sensitive data.