Heartland Payment Systems

Last updated
Heartland Payment Systems, Inc.
Company type Subsidiary
IndustryElectronic Payment Processing
FoundedJuly 15, 1997;27 years ago (1997-07-15)
FounderBob Carr
Headquarters Oklahoma City, Oklahoma
Area served
United States
Revenue$2.1 Billion (2014) [1]
Number of employees
3,734 (2014)
Parent Global Payments
Website Heartland.us

Heartland Payment Systems, Inc. is a U.S.-based payment processing and technology provider. Founded in 1997, Heartland Payment Systems' last headquarters were in Princeton, New Jersey. [2] The company was acquired by Global Payments for $4.3 billion in 2016. [3] [4]

Contents

Heartland Payment Systems provides payment processing for more than 275,000 business locations in the United States and processes more than 11 million transactions a day and more than $80 billion in transactions a year, as of 2014. [1]

In addition to payment processing, Heartland has developed or acquired businesses in payroll processing, gift card and campus card, point of sale systems, school payments and nutrition, network management, mobile payments and ordering, eCommerce, billing, and lending services.

History

Heartland was co-founded by Robert O. Carr in Princeton, New Jersey in 1997. [5]

In 2001, the company received a $40 million private equity investment from Greenhill Capital Partners, L.P. (New York, NY), LLR Partners, Inc. (Philadelphia, PA), and their affiliated investment funds. [6] The company went public on the New York Stock Exchange on August 11, 2005. [7]

Security breach

On January 20, 2009 Heartland announced that it had been "the victim of a security breach within its processing system in 2008". [8] The data stolen included the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards; with that data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards. [9] One estimate claimed 100 million cards and more than 650 financial services companies were compromised; at the time, it was characterized as the largest ever criminal breach of card data. [10]

An American computer hacker, Albert Gonzalez, was sentenced in March 2010 to 20 years in prison for his role in the hacking ring that broke into the Heartland computer systems. [11] In February 2018, two Russian hackers were sentenced for a string of hacking including the Heartland breach. [12]

On May 1, 2009, Visa and Heartland issued a statement that Heartland successfully validated its compliance with PCI DSS and was returned to Visa's list of PCI DSS Validated Service Providers. [13]

End-to-end encryption

On May 24, 2009, Heartland commercially launched their E3, an end-to-end encryption technology designed to safeguard credit and debit card account information from the moment of card swipe and through the Heartland network. [14] Gartner Analyst Avivah Litan stated that Heartland "is basically leading the way for the rest of the industry." She also characterized its plan for end-to-end encryption as the first effort of its kind in the US. [15]

Other processors including Worldpay US and several First Data ISO's announced end-to-end encryption initiatives soon after Heartland announced theirs. [16] [17]

Open letter to the electronic payments industry

Following a keynote address to the Strategic Leadership Forum of the Electronic Transactions Association in October 2013, Heartland CEO Bob Carr published an open letter to the electronic payment processing industry urging an end to unethical, dishonest and illegal pricing practices, referencing the practice of deliberately falsifying interchange rates, deliberately falsifying merchant category codes (MCC), and the use of confusing small print to extort large fines from merchants. [18]

Litigation against Mercury Payment Systems

In January 2014, Heartland filed a lawsuit against the company Mercury Payment Systems, an electronic payment provider, for alleged false advertising and "other deceptive trade practices". [19] The lawsuit concerns interchange fees charged by credit card networks and alleges violations of the Lanham Act and state laws. [20]

Heartland Secure

In May 2014, Heartland Secure is launched. Backed by a breach warranty, Heartland Secure combines three technologies to provide merchants with security and guard against monetization of stolen card data.[ citation needed ]

Merger with Global Payments

In April 2016, Heartland and Global Payments completed their merger agreement. The combined company, Global Payments Inc., is publicly traded (NYSE: GPN), and has more than 8,500 employees worldwide. [21]

Acquisitions

Related Research Articles

<span class="mw-page-title-main">Tokenization (data security)</span> Concept in data security

Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no intrinsic or exploitable meaning or value. The token is a reference that maps back to the sensitive data through a tokenization system. The mapping from original data to a token uses methods that render tokens infeasible to reverse in the absence of the tokenization system, for example using tokens created from random numbers. A one-way cryptographic function is used to convert the original data into tokens, making it difficult to recreate the original data without obtaining entry to the tokenization system's resources. To deliver such services, the system maintains a vault database of tokens that are connected to the corresponding sensitive data. Protecting the system vault is vital to the system, and improved processes must be put in place to offer database integrity and physical security.

<span class="mw-page-title-main">Point of sale</span> Time and place where a retail transaction is completed

The point of sale (POS) or point of purchase (POP) is the time and place at which a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice for the customer, and indicates the options for the customer to make payment. It is also the point at which a customer makes a payment to the merchant in exchange for goods or after provision of a service. After receiving payment, the merchant may issue a receipt, as proof of transaction, which is usually printed but can also be dispensed with or sent electronically.

<span class="mw-page-title-main">Fiserv</span> Provider of financial services technology to banks

Fiserv, Inc. is an American multinational company headquartered in Milwaukee, Wisconsin. Fiserv provides financial technology and services to clients across the financial services sector, including banks, thrifts, credit unions, securities broker dealers, mortgage, insurance, leasing and finance companies, and retailers.

<span class="mw-page-title-main">Verifone</span> Multinational point-of-sale equipment manufacturer

Verifone, Inc. is an American multinational corporation headquartered in Coral Springs, Florida. Verifone provides technology for electronic payment transactions and value-added services at the point-of-sale. Verifone sells merchant-operated, consumer-facing and self-service payment systems to the financial, retail, hospitality, petroleum, government and healthcare industries. The company's products consist of POS electronic payment devices that run its own operating systems, security and encryption software, and certified payment software, and that are designed for both consumer-facing and unattended environments.

A payment gateway is a merchant service provided by an e-commerce application service provider that authorizes credit card or direct payment processing for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. The payment gateway may be provided by a bank to its customers, but can be provided by a specialised financial service provider as a separate service, such as a payment service provider.

A payment service provider (PSP) is a third-party company that allows businesses to accept electronic payments, such as credit card and debit card payments. PSPs act as intermediaries between those who make payments, i.e. consumers, and those who accept them, i.e. retailers.

First Data Corporation is a financial services company headquartered in Atlanta, Georgia, United States. The company's STAR Network provides nationwide domestic debit acceptance at more than 2 million retail POS, ATM, and at online outlets for nearly a third of all U.S. debit cards.

Shopping cart software is a piece of e-commerce software on a web server that allows visitors to have an Internet site to select items for eventual purchase.

Moneris is a Canadian financial technology company that specializes in payment processing.

The Payment Card Industry Data Security Standard is an information security standard used to handle credit cards from major card brands. The standard is administered by the Payment Card Industry Security Standards Council, and its use is mandated by the card brands. It was created to better control cardholder data and reduce credit card fraud. Validation of compliance is performed annually or quarterly with a method suited to the volume of transactions:

<span class="mw-page-title-main">NTT Data Payment Services</span> Indian Financial Services Company

NTT Data Payment Services is a payment services provider company headquartered in Mumbai, India.

<span class="mw-page-title-main">ACI Worldwide</span> American payment systems company

ACI Worldwide Inc. is a payment systems company headquartered in Miami, Florida. ACI develops a broad line of software focused on facilitating real-time electronic payments. These products and services are used globally by banks, financial intermediaries such as third-party electronic payment processors, payment associations, switch interchanges, merchants, corporations, and a wide range of transaction-generating endpoints, including automated teller machines ("ATM"), merchant point of sale ("POS") terminals, bank branches, mobile phones, tablet computers, corporations, and internet commerce sites.

<span class="mw-page-title-main">Worldpay, Inc.</span> American payment processing company

Worldpay is an American multinational financial technology company and payment processing company. Worldpay provides payment and technology services to merchants and financial institutions globally generating 40 billion transactions across 146 countries and 135 currencies.

Ukrainian Processing Center is a Ukrainian company founded in 1997 which provides processing services and software for banks. UPC was the first Ukrainian company within the sphere of processing that received MSP and TPP status in Visa and Mastercard. In April 1997 UPC processed the first ATM EC/MC card transaction. Since 2005 UPC has become part of the Raiffeisen Bank International. The head office of UPC is based in Kyiv. Ukrainian Processing Center provides services to banks in Central and East Europe in the sphere of processing payment cards, merchant acquiring and ATM channel management. UPC also offers integrated IT systems for electronic commerce, card transactions monitoring systems of fraud prevention, card issuing system and SMS banking service. Moreover, UPC was the initiator of the establishment of the united ATM network "ATMoSphere", which consists of payment cards issuing banks. Annually UPC processes more than 400 million of payment card transactions.

Simpay is a United States based company that provides card processing services, payroll, Point of sale (POS) systems, gift and reward cards, ATM services, and merchant cash advances to smaller businesses in a wide variety of industries in the United States.

<span class="mw-page-title-main">Cayan</span> U.S.-based payment processing company

Cayan is a provider of payment technologies and merchant services, based in Boston, Massachusetts. The company enables payments in physical stores and mobile locations, as well as e-commerce. Cayan was acquired by TSYS in December 2017 and operates as wholly-owned subsidiary of TSYS.

Point-to-point encryption (P2PE) is a standard established by the PCI Security Standards Council. Payment solutions that offer similar encryption but do not meet the P2PE standard are referred to as end-to-end encryption (E2EE) solutions. The objective of P2PE and E2EE is to provide a payment security solution that instantaneously converts confidential payment card data and information into indecipherable code at the time the card is swiped, in order to prevent hacking and fraud. It is designed to maximize the security of payment card transactions in an increasingly complex regulatory environment.

Semi-Integrated Point-of-Sale is a checkout method used by retailers which integrates payment processing and POS software in a secure & streamlined network configuration. Semi-Integration allows retailers to accept Chip/EMV credit card and debit card payments, as well account for inventory changes, returns, voided transactions and other payment functions.

<span class="mw-page-title-main">Point-of-sale malware</span>

Point-of-sale malware is usually a type of malicious software (malware) that is used by cybercriminals to target point of sale (POS) and payment terminals with the intent to obtain credit card and debit card information, a card's track 1 or track 2 data and even the CVV code, by various man-in-the-middle attacks, that is the interception of the processing at the retail checkout point of sale system. The simplest, or most evasive, approach is RAM-scraping, accessing the system's memory and exporting the copied information via a remote access trojan (RAT) as this minimizes any software or hardware tampering, potentially leaving no footprints. POS attacks may also include the use of various bits of hardware: dongles, trojan card readers, (wireless) data transmitters and receivers. Being at the gateway of transactions, POS malware enables hackers to process and steal thousands, even millions, of transaction payment data, depending upon the target, the number of devices affected, and how long the attack goes undetected. This is done before or outside of the card information being (usually) encrypted and sent to the payment processor for authorization.

Global Payments Inc. is an American multinational financial technology company that provides payment technology and services to merchants, issuers and consumers. In June 2021, the company was named to the Fortune 500. The company processes payments made through credit cards, debit cards, and digital and contactless payments.

References

  1. 1 2 "Revenue, EPS, & Dividend - Heartland Payment Systems, Inc. (HPY) - NASDAQ.com". Archived from the original on 2014-01-10. Retrieved 2014-01-10.
  2. Martin, Stacy (2014-03-18). "Heartland Payment Systems® breaks ground for Edmond sales headquarters". Oklahoma City Sentinel. Retrieved 2024-08-01.
  3. Merced, Michael J. de la (2015-12-15). "Global Payments to Buy Heartland Payment for $4.3 Billion". The New York Times. ISSN   0362-4331 . Retrieved 2017-12-31.
  4. Taylor, Glenn (2015-12-16). "Global Payments To Acquire Heartland Payment Systems For $4.3 Billion". Retail TouchPoints. Retrieved 2024-08-01.
  5. Feloni, Richard. "A CEO shares the surprising lesson he learned from selling his company for $4 billion". Business Insider. Retrieved 2024-06-06.
  6. "Heartland Systems gets $40 million investment". Deseret News. 2024-01-17. Retrieved 2024-06-06.
  7. "New Stock Offerings Scheduled for the Week". The New York Times. 2005-08-08. ISSN   0362-4331 . Retrieved 2024-08-01.
  8. "Heartland Payment Systems Uncovers Malicious Software In Its Processing System". January 20, 2008. Archived from the original on January 27, 2009. Retrieved 2009-01-21.
  9. Brian Krebs (January 20, 2009). "Payment Processor Breach May Be Largest Ever". Washington Post. Archived from the original on January 7, 2012. Retrieved January 21, 2009.
  10. King, Rachael (6 July 2009). "Lessons from the Data Breach at Heartland". Archived from the original on 8 June 2014. Retrieved 8 June 2014.
  11. "Gonzalez sentenced to 20 years for Heartland break-in - Computerworld". 26 March 2010. Archived from the original on 2014-07-14. Retrieved 2014-06-08.
  12. "Two Russian Nationals Sentenced to Prison for Massive Data Breach Conspiracy | OPA | Department of Justice". 15 February 2018. Archived from the original on 2019-11-18. Retrieved 2019-11-18.
  13. Heartland Payment Systems Returns to Visa's List of PCI DSS Validated Service Providers
  14. "Heartland Preps for Its Big End-to-End Encryption Rollout". DigitalTransactions.net. Archived from the original on 17 November 2015. Retrieved 7 August 2017.
  15. "Security breach has cost Heartland £8.4m so far". UKFast.co.uk. Archived from the original on 28 May 2024. Retrieved 7 August 2017.
  16. Westervelt, Robert. "First Data, RSA push tokenization for payment processing". www.TechTarget.com. Archived from the original on 15 October 2011. Retrieved 22 September 2009.
  17. "RBS WorldPay, VeriFone Market End-to-End Card Encryption Solution". PaymentNews.com. Archived from the original on 30 August 2009. Retrieved 12 August 2009.
  18. "Open Letter to the Electronic Payments Industry". Archived from the original on 2018-03-12. Retrieved 2018-03-12.
  19. Heartland Payment Systems. "Heartland Payment Systems Files Federal Lawsuit Against Mercury Payment Systems, LLC". Yahoo! Finance. Archived from the original on 2 March 2014. Retrieved 11 February 2014.
  20. Villarreal, Alexandra. "Heartland files suit against Mercury Payment Systems over alleged illegal practices" Archived 2015-11-17 at the Wayback Machine . Bank Credit News. 1/31/14. Retrieved 2/5/14.
  21. "Global Payments Completes Merger with Heartland Payment Systems (NYSE:GPN)". investors.globalpaymentsinc.com. Archived from the original on 2018-01-16. Retrieved 2016-10-18.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.