Monday 11 May 2009

Heartland Payment Systems, Visa, and PCI Compliance

Attrition has a very good read on how they regard PCI compliance in relation to the Heartland Payment Systems breach as well as the RBS Worldpay breach:

From the article:

security curmudgeon

I am so fed up with this entire ordeal. As a customer who was twice affected by Heartland's security breach (two different cards through two institutions were re-issued because of the breach), I am disgusted with Visa and Heartland. PCI and its cheerleaders make me angry.

We have been keeping an eye on the whole Heartland breach fiasco since we found out about it due to the fact that one of our credit card providers, and thus us, was directly impacted by the Heartland breach.

One of the promises made by Heartland was “openness” around the whole incident. To date, other than the initial press releases made by Heartland, there has been very little information on the impact the breach has had or the how/when/where/what on the intrusion itself.

Visa, MasterCard, and other credit card providers surely know, but it is in their best interest to keep things as mum as possible too.

For those that are keeping some track on the impact of the Heartland breach, here is a somewhat accurate tally of the costs to Heartland so far:

The Network World article covers Heartland’s push, and investment, in an end-to-end encrypted tunnel for payment processing between the merchant and the payment processor (Heartland).

The actual costs to those impacted by the breach, meaning all of those whose credit card information was taken, are unknown and may never be known.

The reality is, we are ultimately the ones responsible for protecting our identities. We need to remain ever vigilant over our bank and credit card accounts by using their online transaction management systems on a regular basis. Anything out of the ordinary, especially those $0.65 and $2.73 transactions, needs to be questioned immediately.

Some past posts on the Heartland breach:

Heartland CEO Bob Carr’s Goldman Sachs Technology and Internet Conference presentation linked in the third blog post is available on the Talkpoint site linked to in the post.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)
