Fwd: Heartland Gets Religion on Security
- From: Jeffrey Walton <noloader@xxxxxxxxx>
- Date: Thu, 18 Jun 2009 07:02:54 -0400
From the folks at Attrition and the DataLossDB.
---------- Forwarded message ----------
From: security curmudgeon <jericho@xxxxxxxxxxxxx>
Date: Jun 18, 2009 5:30 AM
Subject: Heartland Gets Religion on Security
To: dataloss-discuss@xxxxxxxxxxxxxx, dataloss@xxxxxxxxxxxxxx
http://blogs.wsj.com/digits/2009/06/17/heartland-gets-religion-on-security/
By Ben Worthen
Digits
The Wall Street Journal
June 17, 2009
Heartland Payment Systems CEO Bob Carr is an unlikely spokesman for tech
security. But that's what he's emerging as.
The credit-card processor suffered one of the largest data breaches ever
disclosed last year. But rather than taking the time-honored approach of
staying quiet and hoping that the negative publicity goes away, Carr is
talking openly about what went wrong, the problems with the industry's
security standards, and a new product his company developed to help
merchants protect customer data.
Heartland is the middleman in card purchases. When customers swipe their
cards at stores, the data on them are transmitted to processors like
Heartland, which passes them on to the banks that issued the cards. The
company announced in January that a hacker had managed to gain access to
this card information for the 100 million transactions it handles each
month.
Aside from the scale, the breach stood out from the hundreds of others
reported each year because Heartland had recently passed a security audit.
Carr says that one lesson he's learned from the breach is that the
industry's security standard, called Payment Card Industry or PCI, doesn't
go far enough. It's the "lowest common denominator," he says, adding that
the audit didn't detect the vulnerability that led to the hack even though
it had existed for years.
[..]
_______________________________________________
Dataloss Mailing List (dataloss@xxxxxxxxxxxxxx)
Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- Follow-Ups:
- Re: Heartland Gets Religion on Security
- From: rajat swarup
- Re: Heartland Gets Religion on Security
- Prev by Date: Re: Things to do before vulnerability disclosure
- Next by Date: Re: Things to do before vulnerability disclosure
- Previous by thread: Requesting Informational Interview
- Next by thread: Re: Heartland Gets Religion on Security
- Index(es):
Relevant Pages
|
Loading
