Company type | Subsidiary |
---|---|
Industry | Electronic Payment Processing |
Founded | July 15, 1997 |
Founder | Bob Carr |
Headquarters | Oklahoma City, Oklahoma |
Area served | United States |
Revenue | $2.1 Billion (2014) [1] |
Number of employees | 3,734 (2014) |
Parent | Global Payments |
Website | Heartland.us |
Heartland Payment Systems, Inc. is a U.S.-based payment processing and technology provider. Founded in 1997, Heartland Payment Systems' last headquarters were in Princeton, New Jersey.[ citation needed ] An acquisition by Global Payments, expected to be worth $3.8 billion [2] or $4.3 billion [3] was finalized on April 25, 2016. [4]
Heartland Payment Systems provides payment processing for more than 275,000 business locations in the United States and processes more than 11 million transactions a day and more than $80 billion in transactions a year, as of 2014. [1] In 2014, the Nilson Report ranked Heartland the 6th largest payment processor in the country by transaction count, and the 8th largest by processed dollar volume. [5]
In addition to payment processing, Heartland has developed or acquired businesses in payroll processing, gift card and campus card, point of sale systems, school payments and nutrition, network management, mobile payments and ordering, eCommerce, billing, and lending services.
Heartland processed its first card transaction on July 15, 1997. In 2001 the company received a $40 million private equity investment from Greenhill Capital Partners, L.P. (New York, NY), LLR Partners, Inc. (Philadelphia, PA), and their affiliated investment funds. [ citation needed ] The company went public on the New York Stock Exchange on August 11, 2005. On May 17, 2010, Heartland announced its debut on the list of America’s largest companies at #954. [6]
On January 20, 2009 Heartland announced that it had been "the victim of a security breach within its processing system in 2008". [7] The data stolen included the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards; with that data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards. [8] One estimate claimed 100 million cards and more than 650 financial services companies were compromised; at the time, it was characterized as the largest ever criminal breach of card data. [9]
An American computer hacker, Albert Gonzalez, was sentenced in March 2010 to 20 years in prison for his role in the hacking ring that broke into the Heartland computer systems. [10] In February 2018, two Russian hackers were sentenced for a string of hacking including the Heartland breach. [11]
On May 1, 2009, Visa and Heartland issued a statement that Heartland successfully validated its compliance with PCI DSS and was returned to Visa's list of PCI DSS Validated Service Providers. [12]
On May 24, 2009, Heartland commercially launched their E3, an end-to-end encryption technology designed to safeguard credit and debit card account information from the moment of card swipe and through the Heartland network. [13] Gartner Analyst Avivah Litan stated that Heartland "is basically leading the way for the rest of the industry." She also characterized its plan for end-to-end encryption as the first effort of its kind in the US. [14]
Other processors including Worldpay US and several First Data ISO's announced end-to-end encryption initiatives soon after Heartland announced theirs. [6] [15]
Following a keynote address to the Strategic Leadership Forum of the Electronic Transactions Association in October 2013, Heartland CEO Bob Carr published an open letter to the electronic payment processing industry urging an end to unethical, dishonest and illegal pricing practices, referencing the practice of deliberately falsifying interchange rates, deliberately falsifying merchant category codes (MCC), and the use of confusing small print to extort large fines from merchants. [16]
In January 2014, Heartland filed a lawsuit against the company Mercury Payment Systems, an electronic payment provider, for alleged false advertising and "other deceptive trade practices". [17] The lawsuit concerns interchange fees charged by credit card networks and alleges violations of the Lanham Act and state laws. [18]
In May 2014, Heartland Secure is launched. Backed by a breach warranty, Heartland Secure combines three technologies to provide merchants with security and guard against monetization of stolen card data.[ citation needed ]
In April 2016, Heartland and Global Payments completed their merger agreement. The combined company, Global Payments Inc., is publicly traded (NYSE: GPN), and has more than 8,500 employees worldwide. [19]
Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no intrinsic or exploitable meaning or value. The token is a reference that maps back to the sensitive data through a tokenization system. The mapping from original data to a token uses methods that render tokens infeasible to reverse in the absence of the tokenization system, for example using tokens created from random numbers. A one-way cryptographic function is used to convert the original data into tokens, making it difficult to recreate the original data without obtaining entry to the tokenization system's resources. To deliver such services, the system maintains a vault database of tokens that are connected to the corresponding sensitive data. Protecting the system vault is vital to the system, and improved processes must be put in place to offer database integrity and physical security.
The point of sale (POS) or point of purchase (POP) is the time and place at which a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice for the customer, and indicates the options for the customer to make payment. It is also the point at which a customer makes a payment to the merchant in exchange for goods or after provision of a service. After receiving payment, the merchant may issue a receipt for the transaction, which is usually printed but can also be dispensed with or sent electronically.
Automatic Data Processing, Inc. (ADP) is an American provider of human resources management software and services, headquartered in Roseland, New Jersey.
Verifone is an American multinational corporation headquartered in Coral Springs, Florida. Verifone provides technology for electronic payment transactions and value-added services at the point-of-sale. Verifone sells merchant-operated, consumer-facing and self-service payment systems to the financial, retail, hospitality, petroleum, government and healthcare industries. The company's products consist of POS electronic payment devices that run its own operating systems, security and encryption software, and certified payment software, and that are designed for both consumer-facing and unattended environments.
A payment gateway is a merchant service provided by an e-commerce application service provider that authorizes credit card or direct payments processing for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. The payment gateway may be provided by a bank to its customers, but can be provided by a specialised financial service provider as a separate service, such as a payment service provider.
First Data Corporation is a financial services company headquartered in Atlanta, Georgia, United States. The company's STAR Network provides nationwide domestic debit acceptance at more than 2 million retail POS, ATM, and at online outlets for nearly a third of all U.S. debit cards.
Total System Services, Inc., is an American financial technology company headquartered in Columbus, Georgia. In 2019, TSYS was merged into Global Payments Inc. TSYS is the largest third-party payment processor for issuing banks in North America, with a 40% market share, and one of the largest in Europe. It provides payment processing services, merchant services and related payment services. It also provides reloadable prepaid debit cards and payroll cards, and demand deposit accounts to the underbanked.
Moneris is a Canadian financial technology company that specializes in payment processing.
The Payment Card Industry Data Security Standard is an information security standard used to handle credit cards from major card brands. The standard is administered by the Payment Card Industry Security Standards Council, and its use is mandated by the card brands. It was created to better control cardholder data and reduce credit card fraud. Validation of compliance is performed annually or quarterly with a method suited to the volume of transactions:
The payment card industry (PCI) denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses.
A payment terminal, also known as a point of sale (POS) terminal, credit card machine, card reader, PIN pad, EFTPOS terminal, is a device which interfaces with payment cards to make electronic funds transfers. The terminal typically consists of a secure keypad for entering PIN, a screen, a means of capturing information from payments cards and a network connection to access the payment network for authorization.
Atom TechnologiesLimited is a payment services provider company headquartered in Mumbai, India.
Worldpay Group plc was a payment processing company. It was formerly listed on the London Stock Exchange until 16 January 2018 when it was acquired by Vantiv. The combined company then took the name Worldpay, Inc. Worldpay, Inc. was acquired by FIS in July 2019 for $43 billion.
ACI Worldwide Inc. is a payment systems company headquartered in Miami, Florida. ACI develops a broad line of software focused on facilitating real-time electronic payments. These products and services are used globally by banks, financial intermediaries such as third-party electronic payment processors, payment associations, switch interchanges, merchants, corporations, and a wide range of transaction-generating endpoints, including automated teller machines ("ATM"), merchant point of sale ("POS") terminals, bank branches, mobile phones, tablet computers, corporations, and internet commerce sites.
Worldpay, Inc. was an American payment processing company and technology provider. In June 2019 it was acquired and merged into Fidelity National Information Services (FIS). Before its acquisition, it was headquartered in the greater Cincinnati, Ohio area. Worldpay, Inc., was the largest U.S. merchant acquirer ranked by general-purpose transaction volume.
Simpay is a United States based company that provides card processing services, payroll, Point of sale (POS) systems, gift and reward cards, ATM services, and merchant cash advances to smaller businesses in a wide variety of industries in the United States.
Dexter is a computer virus or point of sale malware which infects computers running Microsoft Windows and was discovered by IT security firm Seculert, in December 2012. It infects PoS systems worldwide and steals sensitive information such as credit and debit card information.
Cayan is a provider of payment technologies and merchant services, based in Boston, Massachusetts. The company enables payments in physical stores and mobile locations, as well as e-commerce. Cayan was acquired by TSYS in December 2017 and operates as wholly-owned subsidiary of TSYS.
Point-to-point encryption (P2PE) is a standard established by the PCI Security Standards Council. Payment solutions that offer similar encryption but do not meet the P2PE standard are referred to as end-to-end encryption (E2EE) solutions. The objective of P2PE and E2EE is to provide a payment security solution that instantaneously converts confidential payment card data and information into indecipherable code at the time the card is swiped, in order to prevent hacking and fraud. It is designed to maximize the security of payment card transactions in an increasingly complex regulatory environment.
Global Payments Inc. is an American multinational financial technology company that provides payment technology and services to merchants, issuers and consumers. In June 2021, the company was named to the Fortune 500. The company processes payments made through credit cards, debit cards, and digital and contactless payments.