Page 38 - GS230701
P. 38
Inspiration
Remedial actions after a crisis
make a huge difference
f you were in the payments industry back in January (intentional or unintentional), fess up right away. It'll only
2009, you might recall that in addition to the onset get worse in the end if you lie about it. It makes sense, but
of what came to be called the "Great Recession," it can be difficult to follow. But facing the problem head on
I data breaches were big news in our realm. RBS is the first step toward getting over it and back on track.
Worldpay and Heartland Payment Systems discovered
they'd been clobbered by data breaches in 2008 and were A list to follow
reeling as a result. So here's more of a formal list of things to do when you're
faced with a situation that has the potential to harm or put
As is the way with payments enterprises, the two com- and end to your company:
panies morphed over the years: Worldpay no longer ex-
ists, having been absorbed by FIS in 2019, and Heartland 1. Acknowledge the mistake, lapse or other nega-
Payment Systems is now a subsidiary of Global Payments. tive, potentially harmful event.
And while there isn't much in our archives from the time 2. Communicate about it promptly.
about what kind of remedial actions RBS took, we have
several articles about steps Robert O. Carr, the company's 3. Apologize and mean it.
chairman and CEO took. He was a very busy man. 4. Provide immediate solutions.
An example to follow 5. Compensate if necessary.
6. Review and improve processes.
His actions are a fine example of what to do in the wake
of a negative event. Among the actions Carr and his staff 7. Enhance transparency and accountability.
took were to make sure any unauthorized flow of infor- 8. Learn from the mistake.
mation from the breach was stopped immediately; reach
out to merchants, partners and other industry stakehold- 9. Maintain ongoing communication with affected
parties.
ers to alert them to the breach rather than try to hide it;
determine ways to mitigate potential harm; establish 10. Rebuild relationships.
information-sharing among peers in the industry, card
brands, PCI Security Standards Council and government Heartland took a big hit, one that could have ruined the
agencies about breaches and how to prevent them, some- company. But the company did recover, and in 2016, Carr
thing that was new at the time; cooperate fully with inves- sold Heartland to Global Payments for a reported $4.3 bil-
tigative and certifying entities; and develop new technol- lion. So, if your company becomes responsible for a harm-
ogy to safeguard data. Heartland's E3 terminal, launched ful situation down the road, don't lose heart. Be the best
in May 2009, employed end-to-end encryption, which was leader you can be. Face the situation head on. It is your
groundbreaking at the time and is now the norm. actions in the wake of such an incident that will make or
break your reputation and future prosperity.
Did Heartland take a reputational and financial hit? Abso-
lutely. Did the company's actions in response to the crisis
speed recovery. A resounding yes.
This reminds me a little bit of advice parents often give to
their children when young: If you do something wrong Kate Gillespie, President and CEO
38
