Customer focused companies?

Heartland Payment Systems, which processes payments for -- depending on which story you read, 175,000 or 250,000 small businesses across the U.S., has discovered that hackers have been using an embedded program to extract customer credit and debit card numbers for months, making this potentially the largest such heist in American history, potentially topping 100 million numbers. Heartland characterizes its months-long security lapse as "an unfortunate incident."

A decent response to this unfortunate incident would be for HPS to provide on its website an easily searchable list of companies it serves, so that consumers can determine whether they've patronized any of those businesses. Heartland claims in its press release that cardholders "are not responsible for unauthorized fraudulent charges," but that's only if we dispute the charge within a limited amount of time. So how about full disclosure? Nothing doing, says Heartland, because, given that none of its clients represents a large amount of the total, listing client names wouldn't be "fair."

That's certainly true were HPS to provide only a partial list of businesses that have used its services. But why not provide the entire list, given that it has yet to determine the extent of the theft, or who might be affected? Business owners might reply that this could lead to a sales hit, should customers decide to stop doing business with them for fear that they can't protect our credit information.

For an enjoyable bit of corporate spin, meanwhile, check out Heartland's press release more closely. Its subheading announces: "No merchant information or cardholder Social Security numbers compromised." That's certainly comforting, except for the part (not directly stated in the press release) about possibly 100 million credit and debit card numbers being stolen. One gets the impression, from the subtitle as well as a paragraph listing all the numbers that weren't stolen from Heartland, alongside the absence of a definitive statement about what was in fact stolen, that this press release is designed to subtly convey the notion that no significant information was stolen at all. It was just "an unfortunate incident." Nothing to see here folks. Move along.

Speaking of corporate spin, it's interesting to watch the evolution of press releases from Peanut Corporation of America (yes, that's its real name), whose products have been implicated in a spate of salmonella poisonings across the U.S. and Canada. On January 13 the company announced a limited voluntary recall. This magnanimous act was performed "out of an abundance of caution," explained its owner and president. A single, underlined sentence in the middle of the release seeks to assuage concern: "None of the peanut butter being recalled is sold directly to consumers through retail stores."

Fast-forward a few days, when health officials are reporting a rise in poisonings, and the bacteria has been traced to a great many more products relying on PCA than originally thought. Apparently that "abundance of caution" wasn't so abundant.

Far more abundantly cautious (and worrisome) is the FDA's recent announcement that consumers should avoid peanut-butter products altogether, until they can get to the bottom of things. Given the potential lethality of salmonella, that's the kind of caution that one might expect from someone who claims that the safety of consumers is his first priority, as PCA's president declared in the initial press release . . . a release which apparently rapidly became outdated. Hence a new press release, with a slightly revised statement of assuagement: "None of the peanut butter being recalled is sold directly to consumers through retail stores by PCA."

Note the addition of "by PCA" to the original sentence. PCA doesn't, so far as I can tell, sell anything directly to consumers through retail outlets. But it's becoming apparent that a whole mess of their poisonous peanut butter has made its way into products that are sold in retail outlets. Hence the clever "by PCA" addition, which allows the pretense that somehow they are less culpable, or the threat less ominous.

The travails of Heartland Payment Systems and Peanut Corporation of America are all the more fascinating because each makes a hyperbolic boast on its website. The slogans under Heartland's logo read, for example: "The Highest Standards. The Most Trusted Transactions." Not after losing 100 million credit card numbers, I'll wager. The slogan under Peanut Corporation's logo, meanwhile, reads: "Processor of the World's Finest Peanut Products." Eh, not so much. Which raises the question: will they change their slogans? Perhaps Heartland could go with something like: "The Highest Standards, Which Sometimes We Meet." Peanut Corporation could try something like: "Most people who eat our products don't even throw up."