(March 24, 2009) After weeks of bad tidings, there is some positive news for Heartland Payment Systems Inc., the Princeton, N.J.-based merchant acquirer struggling to recover from a data breach late last year. Last week, SAC Capital Partners, a high-profile hedge fund known for its investment savvy, bought 767,300 shares, or about 2%, of Heartland’s outstanding stock.

Steven A. Cohen, founder of SAC Capital Partners, manages about $14 billion in investments, accounting for about 3% of daily volume on the New York Stock Exchange and 1% of NASDAQ daily volume. Cohen, dubbed the “New Prince of Wall Street” by the New York Times and the “Hedge Fund King” by the Wall Street Journal, was not available to comment on the purchase. But some analysts believe SAC found the combination of the precipitous drop in Heartland’s share price and the sound fundamentals of Heartland’s business attractive.

Still, in a sign that Heartland is still on the defensive, it has been sending cease-and-desist letters to competitors. These rivals are allegedly claiming that merchants will be fined for non-compliance with the PCI standard if they use Heartland’s processing services. Visa Inc. earlier this month dropped Heartland from its list of PCI-certified service providers.

Heartland's stock closed at $15.44 per share on Jan. 16, the last trading day before the company disclosed the breach on Jan. 20. On Monday, Heartland's shares closed at $5.72—a 63% loss in just over two months. “What we think, and what SAC may think, is that the fundamental business of Heartland in the long term is pretty strong, but (Heartland has) this short, intermediate hump to overcome,” says Drew Woodbury, a Chicago-based equity analyst with MorningStar Inc.

Adds George Peabody, director of the emerging technologies advisory service of at Boston-based Mercator Advisory Group: “Heartland’s not going to be in the dog house forever. They’ll address their problem, and become (compliant with the Payment Card Industry data security standards) again.”

A Heartland spokesman declined to name the companies addressed by its cease-and-desist letters but says “it appears to be overzealousness by sales staff in the field” and that the companies appear to be correcting the situation. In a letter posted on Heartland’s Web site, chief executive Robert Carr says the company has informed competitors their “untrue and misleading claims are baseless and unlawful. Heartland intends to initiate legal action against them if they do not immediately stop making these claims.”

Carr noted that Visa has issued a statement to Gartner Inc., a Stamford, Conn.-based research firm, indicating that merchants can continue to do business with Heartland and RBS WorldPay, another breach victim dropped from Visa’s certified list, without threat of fines. According to Gartner, merchants will not be fined if they are compliant with all other PCI requirements and as long as Heartland and RBS continue to work toward revalidating their PCI-compliance status.

“Visa clearly did not want to risk putting the processors out of business, partly because of the potentially enormous disruption to their hundreds of thousands of merchant customers,” Avivah Litan, Gartner analyst, said in a report issued Monday.

Heartland expects to be revalidated as PCI-compliant no later than May, Carr said.

Heartland also will defend any merchant against a card brand’s claim to collect a fine based solely on the merchant’s use of Heartland’s processing services, Carr said, adding “Heartland will reimburse you the amount of the fine in the event it is found to be legally enforceable.”

In related news, Carr and his wife Jill, were forced to sell the remaining 4.3 million shares of Heartland’s common stock that they owned directly, according to a March 16 filing with the Securities and Exchange Commission. The shares were pledged as security for a loan and were sold by the lender over a two-week period beginning March 2.

Also on Monday, a New York City law firm filed a class-action lawsuit against Heartland on behalf of shareholders. The suit, filed in U.S. District Court in New Jersey, is one of several that law firms have filed in the wake of Heartland's share price tanking since the breach. Heartland also faces at least 20 other breach-related lawsuits and investigations by public authorities (Digital Transactions News, March 17).