http://blogs.wsj.com/digits/2009/06/17/heartland-gets-religion-on-security/ By Ben Worthen Digits The Wall Street Journal June 17, 2009 Heartland Payment Systems CEO Bob Carr is an unlikely spokesman for tech security. But that’s what he’s emerging as. The credit-card processor suffered one of the largest data breaches ever disclosed last year. But rather than taking the time-honored approach of staying quiet and hoping that the negative publicity goes away, Carr is talking openly about what went wrong, the problems with the industry’s security standards, and a new product his company developed to help merchants protect customer data. Heartland is the middleman in card purchases. When customers swipe their cards at stores, the data on them are transmitted to processors like Heartland, which passes them on to the banks that issued the cards. The company announced in January that a hacker had managed to gain access to this card information for the 100 million transactions it handles each month. Aside from the scale, the breach stood out from the hundreds of others reported each year because Heartland had recently passed a security audit. Carr says that one lesson he’s learned from the breach is that the industry’s security standard, called Payment Card Industry or PCI, doesn’t go far enough. It’s the “lowest common denominator,” he says, adding that the audit didn’t detect the vulnerability that led to the hack even though it had existed for years. [...] _____________________________________________ Visit the InfoSec News security bookstore! http://www.shopinfosecnews.orgReceived on Thu Jun 18 2009 - 02:10:04 PDT
This archive was generated by hypermail 2.2.0 : Thu Jun 18 2009 - 02:19:04 PDT