September 21, 2009
-
Heartland CEO Speaks on Encryption, Pt.4
How could this go on for so long?All in all, this credit card breach continued for the better part of a year-and-a-half. Heartland was nailed for around $32 million in investigations charges, lawsuits and other damage controls. Heartland's still in the thick of it and has to face some tough scrutiny. Due to the scope (millions of credit card accounts), senators like Susan Collins of Maine want to know how it is possible that Heartland didn't catch this colossal credit card heist for such a great length of time. The response from Mr. Carr is a little perplexing but is almost tantamount to saying "nobody complained".
The industry does employ great sophistication in credit card fraud detection but most of these rely on fraudulent charges reported. Apparently, these cyber-thieves were savvy enough to withhold use of the cards until they had acquired an sizable cache of millions of accounts. Fraudulent use of the credit cards didn't hit the streets for a year-and-a-half after the operation began. That was when and how the breach was discovered.
Of course, other methods of detecting breaches are used but, since these occurrences lacking actual charges on the credit cards are so rare that, when this case did happen, the thieves took the trouble to spoof these mechanisms. How this was done is still confidential, owing to the on-going investigations.
The magnitude of the breach quickly turns into one of those scientific-notation figures. Who can understand the size of 130 million debit and credit card accounts? The good news is that the slimeball was finally caught. Live from Miami, former fed protégé, Albert Gonzales is exposed. Having been trained by the feds in fraud detection, Albert must have been tempted to try some of these techniques at home. Now he finds himself charged (along with some unnamed Ruskys) with conspiracy and fraud by use of "SQL-injection queries". This a technique of eliciting hidden data from SQL servers (such as those used by TJ Max, Heartland and Main-based Hannaford Brothers). Gonzales has already plead guilty in New York and Massachusetts courts. The full extent of the damage, however, has yet to be determined.