Heartland Settles with AMEX for $3.6 Million - CEO calls the agreement equitable - Softpedia:
"Heartland Payment Systems has reached a settlement with American Express, following the major security breach suffered by the company last year. According to the agreement, the payment processor will pay $3.6 million to the card brand.
Heartland Payment Systems is a Princeton-based provider of payment processing services for over 250,000 companies. In January 2009, it announced that its computer network had been breached and transaction data including credit card details had been stolen. The company found data sniffing applications installed on its computer systems during a 2008 audit.
In March, Visa removed Heartland from its list of providers compliant with the payment industry's security standards, PCI DSS. The firm has worked hard to get re-certified and has since been an active advocate for the use of end-to-end encryption across the payment industry.
Heartland's CEO, Robert Carr, previously announced that the company had set aside $12.6 million to be used to cover all costs related to the incident. This latest settlement with AMEX will be paid off from that reserve. Over half of the sum was claimed by Mastercard alone, but Carr noted at the time that it would challenge their fines in court. Meanwhile, Visa only fined the company for $1 million.
'We are pleased to have reached an equitable settlement with American Express,' commented Carr. 'This settlement marks the first agreement with a card brand related to the intrusion,' he added. The sum resolves all intrusion-related issues between the two parties, such as the costs incurred by AMEX to cancel and re-issue millions of credit cards.
It has also faced a class-action lawsuit filed by shareholders, who claimed that the management had lied about the state of security at the company in a conference call following the incident. The lawsuit was dismissed this month by Judge Anne Thompson of the New Jersey U.S. District Court."