VISA has removed Heartland and RBS Worldpay from their list of PCI DSS compliant vendors. This effectively puts these processors on probation while they recertify their PCI DSS compliance using a QSA (Qualified Security Assessor). They are still able to process VISA transactions during this time. See Article
Credit card issuers will also be able to get at least partial reimbursement for reissuing credit cards and fees associated with customer fraud and losses. This is good news because over 600 banks have already reported losses associateed with the Heartland breach.
This is one of the first signs of real “teeth” in the PCI DSS. Card brands are taking these breaches seriously and placing the blame and responsibility at the feet of those at fault. I think this is a good move for VISA. Until now, PCI was beginning to look like a way to hide from responsibility and fend off lawsuits. With this move, it just may move in the direction of compelling merchants and processors to take data security seriously for the purpose of eliminating consumer fraud. Lets hope anyway.
