RBS WorldPay statement
In response to my request for a statement, a spokesperson for RBS WorldPay sent this statement:
RBS WorldPay received its Payment Card Industry (PCI) Report on
Compliance (ROC) in June of 2008 by a qualified assessor. Visa has asked us to obtain a new certification of PCI compliance because of the recent data-security compromise. Visa has removed us from its list of approved PCI-compliant processors until the new certification is
complete. Our goal is to have a new ROC by the end of April.
There have been no material system changes that would have negatively altered this certification and we have in fact enhanced the security of our systems in the interim. Because of the criminal intrusion, we need to be recertified earlier than the normal schedule.
Both Heartland Payment Systems and RBS WorldPay had been assessed for PCI DSS compliance by TrustWave. If I understand the PCI DSS council’s procedures, a different assessor will need to be used for any re-assessment under these circumstances.