Another gem from The Consumerist today. According to the Washington Post, Heartland Payment Systems, a payment processor that handles credit card payments for over 250,000 businesses, has had more than 100 million transactions compromised through malicious software that had been unknowingly installed on its network. As if the situation were not bad enough, Heartland’s CFO has been putting on a stunning display of what not to do when managing a crisis. Not only will Heartland not be extending the standard offer of free credit monitoring to anyone potentially affected, but they refuse to release information regarding which businesses were affected, stating that it would be unfair to mention any one of their company’s customers. CFO Baldwin is quoted as saying “No merchant of ours represents even [one-tenth of one percent] of our volume…their customers might end up having their cards used fraudulently, but that fraud might turn out to have come from their store, or it might be from another Heartland store and no one will ever really know.”
Heartland and Baldwin have unwittingly violated some of the major tenets of crisis response, most of all lack of disclosure. In this day and age the first thing a company or individual should do in time of crisis is to lay it all on the table. By not doing this they give fuel to the thought that, as the article says, “It’s clear that Heartland is in the business of servicing other businesses, not consumers…”
JB
Jonathan Bernstein
www.bernsteincrisismanagement.com