I’m not going to beat the Heartland breach to death. They’re in trouble and they know it. They were breached, badly, for a long period of time. It will take them years to get over it unless Visa and MasterCard sever the ties like they did with Card Systems Solutions, in which case Heartland will be a memory within months. But something was brought to my attention on Friday that might be a bright spot in all this.
Heartland issued a press release for the benefit of it’s investors. This one, like most press releases that companies release after a security breach, is more PR hype than anything else. In fact, it oozes with it, so let me strip all that out.
“…Added more than 400 merchants to its client base in the past few days” doesn’t impress me. They disclosed what is probably the biggest security breach in the history of the world and 400 merchants beat a path to their door? Doubtful. More likely, they just found time to finalize the contracts that had been pending before the disclosure.
“Merchants continue to respect Heartland for the manner in which we do business. They appreciate our ongoing efforts to help them manage the costs and complexities of payments processing,” … Heartland may have an excellent reputation with their merchant customers. They have done good things – to the point where, up until last week, I might have included them in the Merchant Resources section of the Merchant911 pages. Sorry, but I have to wonder how long it will last after the disclosure.
“Consumers will know if their card account numbers have been used by reviewing their monthly statements.” There’s a slap in the face to a couple hundred million credit card holders. In other words, “Cardholders, you’re on your own – YOU figure it out.” Not very customer friendly, but then again cardholders aren’t Heartland’s customers, are they! Sorry Heartland, that was a very bad statement
After all the fluff is blown away, there are three paragraphs in the release that I think are important and even encouraging.
Over the past few days, [CEO Robert O.] Carr has been talking to many industry leaders about working together to fight the cyber criminals who victimized Heartland and continue to jeopardize companies, consumers and data worldwide.
“I have talked to many payments leaders who are also concerned about the increasing success and frequency of cyber crime attacks,” Carr noted. “Up to this point, there has been no information sharing, thus empowering cyber criminals to use the same or slightly modified techniques over and over again. I believe that had we known the details about previous intrusions, we might have found and prevented the problem we learned of last week.”
Heartland’s goal is to turn this event into something positive for the public, the financial institutions which issue credit/debit cards and payments processors.
Think about that concept. Sharing full details about data breaches across the industry would be powerful. It’s the founding principle of Merchant911 and we’ve made a difference. Would Heartland have been spared if they’d known about some of the other ‘in-transit’ breaches that have been reported lately? I don’t know and we probably never will. One thing is certain; Knowledge is Power!
I encourage Mr. Carr and all of Heartland to pursue this idea. Pursue it with a vengeance and don’t stop until you have the cooperation of every payment processor, large and small, foreign and domestic.
Now, more than ever, a full exchange of information is vital. Heartland and the others have a handful of security people. They are busy doing a lot of things. The bad guys have an extensive network of ‘security people’ and they’re all dedicated to getting through your security net. Collectively they’re smarter than we are. Collectively we can be smarter than they are and that’s the only thing that might ultimately save the whole payment industry.
Heartland, you have my support with that goal.
Similar Posts:
- Heartland Data Breach rears its ugly head again
- Genesco suffers breach – Not PCI compliant?
- US Bank concealed a data breach?
- Albert Gonzales may be in Jail but it ain’t over for a long time.
- Card Breach Victim Gets Twenty Years ‘Probation’
This quote is from the PCI assessor of Heartland:
"TrustMinder enables us to reduce risk in our merchant underwriting and boarding process, and to meet the Visa e-commerce merchant inspection
requirements in a single, easy-to-use solution," said Robert O. Carr, chairman, chief executive officer and founder of Heartland Payment Systems."
- spam
- offensive
- disagree
- off topic
Like