Magazine article American Banker

Card Firms Unmoved by Heartland Encryption Push

Magazine article American Banker

Card Firms Unmoved by Heartland Encryption Push

Article excerpt

Byline: Rebecca Sausner

Heartland Payment Systems' chief executive, Robert Carr, has likened his company's massive data breach to the Tylenol experience when product contamination led to an overhaul of packaging safety.

Mr. Carr has probably had a few "Tylenol moments" himself in recent months while dealing with what may be among the largest data breaches ever (the number of cards compromised remains undisclosed).

Now Mr. Carr is using his standing - he founded Heartland and is respected among processors - to call for industrywide reform of payments technology.

Some observers agree with his stance, but there has been scant comment thus far from the industry's most influential parties, including titans like MasterCard Inc., Discover Financial Services, and Visa Inc.

"Our concern is that an underlying principal of PCI compliance is that data can be held in its native form - unencrypted - as long as it is properly protected within a corporate firewall," said Bob Baldwin, Heartland's chief financial officer. But corporate firewalls are only as strong as their weakest link. "What we're trying to do in end-to-end encryption is, have the data always remain in its encrypted form from the moment of the swipe to the moment it gets to the association," Mr. Baldwin said.

It is easy to make a case that the Heartland breach should be a louder call for industrywide action than other major breaches, including the incidents at Hannaford Brothers Co. or TJX Cos. Inc. Heartland is one of the leading processors, moving 11 million transactions a day, and was known to have invested heavily in security, and it had passed its latest PCI audit.

"I think it's more serious: How much worse can it get than a top 10 processor?" said Avivah Litan, a vice president and research director at the market research company Gartner Inc. "Plus, it's a much bigger target. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.