Does transaction-processor Heartland Payment Systems [HPY] fall into the “busted growth stock” category?
AJ: The company did enjoy a long run of success, having grown from its start in 1997 to become the U.S.’s fifth-largest bank-card payment processor by number of transactions and the eighth-largest by transaction dollar value. They focus primarily on small and mid-size enterprises – restaurants, for example, account for 30% of the business – although they have started to service some larger national accounts.
The company’s stock has been hit on two primary fronts. First, the economic downturn and resulting cutback in consumer spending has resulted in negative same-store sales for the past five quarters, which we expect to continue through the rest of the year. Second, the company disclosed earlier this year that its computer systems had been compromised, resulting in stolen cardholder data.
Because of ongoing legal issues, disclosure about the specifics of the breach and its ultimate cost has been fairly limited, which has been a big overhang on the stock.
How do you address the security issue?
AJ: The breach was significant, but in our opinion only a temporary issue that will not have a lasting effect on the business model. What happened was their networks were infiltrated by what’s called “sniffer” software, which took a picture of credit-card numbers as they were traveling by and deposited them where the bad guys could see them. The big unknown right now is the ultimate cost to Heartland of fixing the problem, reimbursing card issuers for incremental costs, paying fines and settling any legal liabilities.
There aren’t many public data points to look at, but after studying a high-profile data breach Target had a couple years ago, we originally thought the cost to Heartland could be as high as $100 million after taxes. We’ve since reduced that to $50 million, based on the amount of the reserve the company recently set aside and the news that there were several other companies whose systems were similarly compromised.
How have Heartland’s customers responded to all this?
AJ: Customer retention has remained stable, which is a testament to the company’s strong relationship with its merchants. Heartland tries to distinguish itself on that front, investing in its own in-house sales and client-service staff rather than rely on independent brokers who make their money by placing machines, not by servicing clients. The company has also been an industry leader in pushing for increased transparency on rates, to address a long-held complaint of merchants.
Their ability to keep the sales force intact through a difficult environment indicates to us that they’ll continue to increase market share over time by growing their merchant base. As consumer spending eventually bottoms and begins to grow, that should result in a sharp increase in earnings from today’s depressed levels.
Are you counting on that rebound to justify owning the shares at today’s price of around $12.55?
AJ: After subtracting $1.30 per share for our estimate of the cost of the security breach, we put intrinsic value today at around $15.10 per share – 8x estimated EBITDA over the next 12 months. Since we’re basing that on current earnings power in a weak economy, we think that valuation is quite conservative. The shares have often traded closer to 10x EBITDA in the past.
The biggest near-term risk, of course, is that we’ve made a colossal mistake in estimating the ultimate data-breach costs. But if we’re even close to right about that, the uncertainty around the issue is providing us the chance to buy a growth business at a value price. That doesn’t happen very often.