February 25, 2009
News: So, what have you been doing with yourself, Heartland?
Quite a bit, it seems. Following the monumental credit card breach, the company has concluded that the high standards it already had in place were still not good enough. That one ‘little’ weakness, the momentary interlude in which credit card data would pass through an unencrypted transformational state, was still too risky. So now it is adopting a new level of security in which a security envelope completely encases the credit card process end to end.
Shocked by the discovery that highly sophisticated intruders had still managed to slip malicious data-sniffing snoopware onto the ‘inside’ of its networks, Heartland realized that credit card data protected only from the outside was still vulnerable. So Steven Elefant is now heading up a department dedicated to implementing end-to-end encryption for Heartland's corporate networks, both inside and out. As Heartland's chairman and CEO, Robert Carr, explains: "PCI is a good and effective standard, but the bad guys have become more sophisticated to the point where encryption of data in motion appears to be one of the next required steps." He further commented that the credit card breach took place as the data was crossing between networks. This new initiative will ensure data security whenever the data is in motion in the future.
Some suggest that the blame lies in the weakness of the PCI security standards (PCI DSS), because they only require participating firms to encrypt credit card information when it travels over public networks. But this attitude reflects a lack of understanding of the purpose of the PCI standards. These standards are intended as general safety precautions, implemented industry-wide. There will be cases where some firms must be held to higher standards. Even that standard itself is ever-changing. Each time a better rat trap is implemented, more sophisticated rats will evolve. As a result, now, "encryption of ‘data in motion’ appears to be one of the next required steps," states Mr. Carr. PCI DSS is only a starting point.
