Heartland Gets Religion on Security



By Ben Worthen
The Wall Street Journal
June 17, 2009

Heartland Payment Systems CEO Bob Carr is an unlikely spokesman for tech 
security. But that’s what he’s emerging as.

The credit-card processor suffered one of the largest data breaches ever 
disclosed last year. But rather than taking the time-honored approach of 
staying quiet and hoping that the negative publicity goes away, Carr is 
talking openly about what went wrong, the problems with the industry’s 
security standards, and a new product his company developed to help 
merchants protect customer data.

Heartland is the middleman in card purchases. When customers swipe their 
cards at stores, the data on them are transmitted to processors like 
Heartland, which passes them on to the banks that issued the cards. The 
company announced in January that a hacker had managed to gain access to 
this card information for the 100 million transactions it handles each 

Aside from the scale, the breach stood out from the hundreds of others 
reported each year because Heartland had recently passed a security 

Carr says that one lesson he’s learned from the breach is that the 
industry’s security standard, called Payment Card Industry or PCI, 
doesn’t go far enough. It’s the “lowest common denominator,” he says, 
adding that the audit didn’t detect the vulnerability that led to the 
hack even though it had existed for years.

