Visa Inc. has removed Heartland Payment Systems Inc. and RBS WorldPay from its list of service providers compliant with the Payment Card Industry Data Security Standard because of data breaches at the companies, according to a company statement issued to CardLine. A Visa spokesperson would not state what, outside from being removed from the list of compliant providers, may be happening to the two companies. Heartland and RBS WorldPay are actively working on revalidation of PCI DSS compliance using a qualified security assessor," the statement notes. "Visa will consider relisting both organizations following their submissions of their PCI DSS reports on compliance." Princeton, N.J.-based Heartland disclosed a breach in January that affected an undetermined number of cards (CardLine, 1/20), and RBS WorldPay disclosed in December that hackers potentially had compromised the personal information of 1.5 million prepaid cardholders and the Social Security numbers of 1.1 million individuals (CardLine, 12/29/08). Visa on Thursday posted on its Web site an updated list of PCI-compliant service providers that does not include Heartland or RBS WorldPay. "Visa has asked us to obtain a new certification of PCI compliance because of the recent data-security compromise," says an RBS WorldPay spokesperson, noting the Atlanta-based processor hopes to have a new report on compliance by the end of April. "There have been no material system changes that would have negatively altered this certification, and we have, in fact, enhanced the security of our systems in the interim. Because of the criminal intrusion, we need to be recertified earlier than the normal schedule." Heartland is undergoing a PCI DSS assessment and believes it will be completed no later than May 2009, a Heartland spokesperson tells CardLine. "Heartland is cooperating fully with Visa and other card brands and we are committed to having a safe and secure processing environment," according to the Heartland spokesperson.