http://www.networkworld.com/news/2009/091409-heartland-ceo-credit-card-encryption.html By Grant Gross IDG News Service 09/14/2009 Credit card transactions in the U.S. are often not encrypted, and credit card vendors, payment processors and retailers need to embrace an encryption standard to protect credit card numbers, the CEO of a breached payment processor said Monday. Credit card numbers are not now required in payment card industry guidelines to be encrypted in transit between retailers, payment processors and card issuers, Robert Carr, chairman and CEO of Heartland Payment Systems, told a U.S. Senate committee. Heartland in January announced the discovery of a data breach that left tens of millions of credit card numbers exposed to a gang of hackers. "I now know that this industry needs to, and can, do more to better protect it against the ever-more-sophisticated methods used by these cybercriminals," Carr told the Senate Homeland Security and Governmental Affairs Committee. "I believe it is critical to implement new technology, not just at Heartland, but industrywide." The purpose of the committee hearing was, in part, to determine whether new legislation is needed to fight cybercrime. Heartland is pushing for the credit card industry to adopt an end-to-end encryption standard, he said, and the company is deploying tamper-resistant point-of-sale terminals at its member retailers. "Our goal is to completely remove payment account numbers of credit and debit cards and magnetic-stripe data so they are never accessible in a useable format in the merchant or processor systems," Carr said. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Mon Sep 14 2009 - 22:31:58 PDT
This archive was generated by hypermail 2.2.0 : Mon Sep 14 2009 - 22:45:10 PDT