[ISN] Heartland Gets Religion on Security

From: InfoSec News <alerts_at_private>
Date: Thu, 18 Jun 2009 04:10:04 -0500 (CDT)
http://blogs.wsj.com/digits/2009/06/17/heartland-gets-religion-on-security/

By Ben Worthen
Digits
The Wall Street Journal
June 17, 2009

Heartland Payment Systems CEO Bob Carr is an unlikely spokesman for tech 
security. But that’s what he’s emerging as.

The credit-card processor suffered one of the largest data breaches ever 
disclosed last year. But rather than taking the time-honored approach of 
staying quiet and hoping that the negative publicity goes away, Carr is 
talking openly about what went wrong, the problems with the industry’s 
security standards, and a new product his company developed to help 
merchants protect customer data.

Heartland is the middleman in card purchases. When customers swipe their 
cards at stores, the data on them are transmitted to processors like 
Heartland, which passes them on to the banks that issued the cards. The 
company announced in January that a hacker had managed to gain access to 
this card information for the 100 million transactions it handles each 
month.

Aside from the scale, the breach stood out from the hundreds of others 
reported each year because Heartland had recently passed a security 
audit.

Carr says that one lesson he’s learned from the breach is that the 
industry’s security standard, called Payment Card Industry or PCI, 
doesn’t go far enough. It’s the “lowest common denominator,” he says, 
adding that the audit didn’t detect the vulnerability that led to the 
hack even though it had existed for years.

[...]


_____________________________________________
Visit the InfoSec News security bookstore!
http://www.shopinfosecnews.org 
Received on Thu Jun 18 2009 - 02:10:04 PDT

This archive was generated by hypermail 2.2.0 : Thu Jun 18 2009 - 02:19:04 PDT