http://www.networkworld.com/news/2009/091409-heartland-ceo-credit-card-encryption.html 

By Grant Gross 
IDG News Service 
09/14/2009

Credit card transactions in the U.S. are often not encrypted, and credit 
card vendors, payment processors and retailers need to embrace an 
encryption standard to protect credit card numbers, the CEO of a 
breached payment processor said Monday.

Credit card numbers are not now required in payment card industry 
guidelines to be encrypted in transit between retailers, payment 
processors and card issuers, Robert Carr, chairman and CEO of Heartland 
Payment Systems, told a U.S. Senate committee. Heartland in January 
announced the discovery of a data breach that left tens of millions of 
credit card numbers exposed to a gang of hackers.

"I now know that this industry needs to, and can, do more to better 
protect it against the ever-more-sophisticated methods used by these 
cybercriminals," Carr told the Senate Homeland Security and Governmental 
Affairs Committee. "I believe it is critical to implement new 
technology, not just at Heartland, but industrywide." The purpose of the 
committee hearing was, in part, to determine whether new legislation is 
needed to fight cybercrime.

Heartland is pushing for the credit card industry to adopt an end-to-end 
encryption standard, he said, and the company is deploying 
tamper-resistant point-of-sale terminals at its member retailers. "Our 
goal is to completely remove payment account numbers of credit and debit 
cards and magnetic-stripe data so they are never accessible in a useable 
format in the merchant or processor systems," Carr said.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org