September 15, 2009
-
News: Heartland Speaks Out
Last month Albert Gonzalez was indicted on debit and credit card theft in the nation's largest security breach. Gonzalez and his co-conspirators infiltrated the data base of Heartland Payment Systems with a SQL injection to compromise more than 130 million debit and credit card accounts. Retailers attached during the breach included 7-Eleven stores and Hannaford Brothers Supermarket chain. The breach which was not discovered until January 2009, took place between October 2006 and May 2008. Earlier this week, Robert Carr, Chairman and CEO of Heartland spoke out asking retailers to join forces in fighting debit and credit card fraud by embracing an encryption standard. At a hearing with the Senate Homeland Security and Governmental Affairs Committee, Carr said that most card transactions in the U.S. are not encrypted and the industry needs to start making some changes.
According to Carr, the debit and credit card payment industry standards do not require information be encrypted while in transit between retailer, payment processing companies, and the card company. It is Carr's belief that new technology must be implemented not just within the Heartland system, but throughout the industry as well. Heartland supports an end-to-end encryption standard. Carr also said Heartland will be installing tamper-resistant point-of-sale (POS) devices at its retail sites. Furthermore, Carr stated that it is Heartland's goal to eliminate debit and credit card numbers and magnetic strip information completely during transmission so that "they are never accessible in a useable format."
Heartland is reaching out to credit card companies to join them in accepting an encrypted transaction standard. The company is also asking other payment processing companies to participate in the newly formed informational sharing council which provides a venue for them to share knowledge pertaining to security threats and vulnerabilities. Carr was passionate in his speech as he stated that Heartland is dedicated to establishing a safer payment processing environment that will protect the industry and consumers from falling prey to cybercriminals in the future.