STORES Magazine - March 2009 - (Page 26)

EXECUTIVE SUITE / Q&A Sobering Reminder PCI-compliant payments processor discusses life after a data breach H eartland Payment Systems, a major payment processor, is the latest victim of a data breach believed to have exposed an unknown number of credit and debit cardholders to the risk of fraud. In early January, chairman and CEO Bob Carr learned that the company’s systems had been compromised by malicious software (or malware). Although the number of affected consumers affected remains unspecified, security experts fear that the Heartland breach could rival some of the largest data thefts on record. Disturbing as that news is, Heartland insists that cardholder Social Security numbers, unencrypted PINs, addresses and phone numbers were not at risk of compromise. In the vast majority of cases, the cardholder’s name was not at risk, either. The breach is believed to be the work of a global cyber crime organization, possibly based in Eastern Europe. Criminal investigations by the U.S. Department of Justice and Secret Service are ongoing: Last month, three Florida men were arrested on hundreds of counts of credit card fraud linked to the Heartland breach. In the weeks since the breach was revealed, executives of Princeton, N.J.-based Heartland have announced plans to introduce encryption technology that would take effect the moment a card is swiped. In addition, Heartland has formed a unit to develop and implement encryption capabilities and is calling for collaboration on an industry-wide encryption program. The ultimate goal, executives say, is “end-to-end encryption” from POS through to the card company networks. STORES executive editor Susan Reda spoke last month with Carr about the breach, PCI certification and what the future holds for Heartland. brands of the incident and continues to work with them to protect consumers. Individual financial institutions, which – unlike Heartland – have the addresses for cardholders, are communicatBob Carr ing directly with their cardholders as they see appropriate. In addition to these efforts, Heartland disclosed the incident broadly to consumers by issuing press releases and launching a website (www.2008breach.com) that has updated information on the breach and identifies helpful resources for consumers. Initially, the industry saw hackers going after online cardnot-present types of payments. Then the bad guys switched to the card-present arena, targeting bricks-and-mortar retailers. Is the Heartland breach an indication that the next migration is to card processors? News reports have stated that more than 100 million cards may have been compromised. Is this a valid figure? It’s hard to say, but the bad guys are smart and getting smarter. It’s the responsibility of law enforcement authorities, payment systems and financial institutions to work together The most in an effort to stay one step ahead of the important thing cyber criminals so these kinds of data breaches are stopped. that’s needed What are the potential ramifications to a processor in this situation? No, it’s not. At this point in the forensic investigation, we do not know how many card numbers were at risk of having been compromised. The numbers you have been seeing in news reports are only speculation on the part of reporters. Have all of those cardholders been notified of the breach? right now is more dialog and action among various players in the industry Heartland immediately notified the card 26 STORES / MARCH 2009 One of the outcomes will be stronger security for Heartland, and we hope to encourage other processors and merchants to follow suit. We plan to introduce endto-end encryption technology that exceeds current industry standards; we’ve created a special division devoted to this effort. We hope to introduce encryption the moWWW.STORES.ORG http://www.2008breach.com http://WWW.STORES.ORG

Table of Contents Feed for the Digital Edition of STORES Magazine - March 2009

STORES Magazine - March 2009 Contents Executive Editor's Page President's Page Movers and Spenders What Shoppers Think Take Your Laundry Online 10 Things You May Have Missed Numbers Worth Counting Full Price/Markdown Retail People Luxury for Less Q & A CONCEPT2WATCH Checkout Management Online Entrepreneurs Sustainability POS Online Strategy Online Scheduling SaaS Online Marketing Merchandise Security PCI Compliance LPinformation Supplier Directory Exception Reporting Industry Perspective Theft Research LOEB Retail Letter ARTS Update Point of View NRF News Retail Crossword Retail Industry Calendar End Cap

STORES Magazine - March 2009

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.