Heartland Filing Contradicts Its Own Statements About Abandoning Retail Customers

Written by Evan Schuman
November 4th, 2009

Proving that there’s never anything so bizarre in payment security circles that some vendor can’t upgrade it to surreal, Heartland Payment Systems and VeriFone this week issued dueling news releases. Each accused the other of either stealing intellectual property or trying to abandon Heartland’s retail customers.

That was bizarre. But when Heartland issued a statement that directly—almost word for word—contradicted its own legal filings, the situation took an Alice In Wonderland twist that makes retail tech worth covering.

The backdrop to this food fight is a pair of lawsuits between the two vendors. VeriFone in September sued Heartland, accusing it of trying to sell a POS terminal that infringes on a patent owned by VeriFone Israel (formerly Lipman Electronic Engineering), a subsidiary of VeriFone Holdings, according to The Nilson Report. VeriFone specifically said that the new Heartland device infringes on a patent covering “an antitamper enclosure for electronic circuitry in a point-of-sale terminal,” Nilson reported.

But Heartland then counter-sued, saying that VeriFone had threatened to cut off hardware, software and support services.

Then on Tuesday (Nov. 3), VeriFone issued a statement aimed at Heartland customers in which it offered to deliver—for free–“complete alternative support to merchants who are currently utilizing VeriFone payment solutions on Heartland Payment Systems‘ network.”

VeriFone’s statement said that it “is taking action to prevent any disruption to merchants after determining that the pending litigation over Heartland’s continual infringement of a VeriFone patent is likely to impact Heartland’s ability to maintain service levels with its customers. VeriFone has informed Heartland that it will terminate its support relationships with Heartland, effective end of day December 31, 2009.”

At the time the release was issued, Heartland was about to hold an investor call, during which CEO Bob Carr would add $35.6 million to its breach costs for the quarter, including “reserves for offers we made to settle certain claims, as well as charges for the expected costs of settlement of certain other claims.”

Hours later on Tuesday, Heartland issued a counter-statement describing the VeriFone offer as “a disingenuous attack” and dismissing suggestions that Heartland couldn’t support its own customers without VeriFone’s help. Heartland also labeled “false” the suggestion that VeriFone could support those Heartland customers.

“Heartland is fully capable–and will continue to be fully capable–of servicing all of its customers,” the statement quoted Carr as saying. “In fact, VeriFone is not able to support our customers. They can’t, because our customers operate on our proprietary payments processing platforms. Heartland is the only entity that can provide full service–including ongoing service of VeriFone terminals–to them. This means our servicing of VeriFone-related issues is not–and will not be–impacted by VeriFone’s false claims and unethical attempts to scare our customers.”

Heartland’s statement would have been a powerful one, had it not been contradicted by Heartland’s own legal filings. In its civil lawsuit against VeriFone, in the area where it’s trying to argue that VeriFone’s threat to cut off support is a big deal and worthy of legal intervention, Heartland addressed the issue.

“VeriFone is critical in serving existing customers and troubleshooting for problems with the POS terminals and credit card processing. Heartland provides troubleshooting and systems integration support for its merchants, which requires assistance from VeriFone,” Heartland’s brief said. “If Heartland were to be cut off from any support, its customers would be forced to reach out directly to VeriFone, which would result in a reduction of service to the customers.”

Heartland did not return a call seeking clarification.

VeriFone did respond to calls to clarify, but it also issued a statement to refute some of the Heartland countercharges. For example, Heartland said that its payment system is proprietary and that VeriFone, therefore, couldn’t support it.

“First, a majority of Heartland merchants do not use Heartland’s proprietary payment application, they instead use VeriFone’s SoftPay,” the VeriFone statement said. “Second, Heartland’s application relies on VeriFone’s platforms, operating systems and libraries. VeriFone will provide operational support, which includes transaction reports, functional issues and operational issues. Merchants will continue to rely on Heartland for reconciliation of payment issues.”

VeriFone said that “Heartland has approximately 240,000 merchants in total and VeriFone systems currently support an estimated 75 percent of Heartland’s restaurant, retail and petroleum customers.”


3 Comments | Read Heartland Filing Contradicts Its Own Statements About Abandoning Retail Customers

  1. Alex Says:

    The first reaction that you have is that ‘when it rains it pours’ for Heartland and that they seem to be having a lot of bad luck, but then you think about it a bit more and you have to wonder about decision making…

    It seems like the problems that they are having lately are largely self-inflicted through poor or poorly thought-out decisions.

    I also don’t think it helps things when Bob decides that he’s going to be the one that comes out to discuss the problems, because he seems very focused on blaming anyone and anything for Heartland’s mistakes.

  2. Brian Says:

    I agree with Alex. Heartland has some real risk management issues, which have led to some really poor decisions. Not only did they improperly address PCI compliance by using a checklist approach, rather than a risk-based approach (Note to Heartland: Compliance is not security!); They’ve completely ignored the fact that they have a heavy reliance on a key supplier and they could find themselves out on the street if they alienate them, especially when that supplier is also a competitor.

  3. Tom Anderson Says:

    Bob Carr has developed a personality cult among his employess. However, he is finding that outsiders do not buy into his claims. And yes, I agree with above, all Carr does is play the blame game. I also am learning that Heartland has other internal problems as well. Their employee email system is as porous as a fish net. Their sales force is demoralized and underpaid and their service center is extremely disorganized. I also understand that that Heartland field techs are disatisfied and severly underpaid.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.