Heartland's Carr Calls for End-to-End Encryption To Stop Breaches - 0 views
-
Karl Wabst on 21 Apr 09Nearly one week after news emerged of the big data breach at Princeton, N.J.-based merchant acquirer Heartland Payment Systems Inc., it remains unclear how much damage actually happened and who did it. One report suggests Heartland's breach-related legal liabilities could approach $98 million, an estimate a Heartland spokesperson dismisses as speculative. The spokesperson tells Digital Transactions News on Monday that the so-called "sniffer" program secretly planted on one of Heartland's payment-processing platforms was not being used when investigators found it about two weeks ago. "It was inactive," the spokesperson says. "I want to be specific to say it was inactive," he adds, clarifying that the hackers hadn't deliberately disabled or deactivated it. Robert Carr, Heartland's chief executive, meanwhile, issued a statement calling for better industry cooperation and new operational procedures to prevent future data compromises, including industrywide, end-to-end encryption to fully protect cardholder data. Heartland uses encryption, but industry procedures leave data unencrypted during one brief point of the authorization process-a weakness that hackers have learned to exploit. Carr also said Heartland is working on its own system of end-to-end encryption.