Electronic payments processor Heartland Payment Systems said Thursday it has allocated $12.6m to cover a security breach that exposed sensitive card holder data crossing its network. More than half that amount involves a fine MasterCard has assessed banks that did business with Heartland, said company CEO Robert Carr, according …
The technology and processes to provide end-to-end encryption have been around for a good long while.
This company has no excuse for not implementing these changes.
Any institution considering placing their transactions in the hands of Heartland is asking for problems.
It is also obvious that due diligence on the part of the customers is also severely lacking, as any bank worth their weight in salt should have demanded an audit of their security controls years ago.
That will be Buried Shit Then?
Let me assume that....
"More than half that amount involves a 'fine' MasterCard...."
"The remainder covers legal costs and other expenses related to the breach..."
The net zoomies work out, on a sliding scale of 'More than half' starting at 100%; notice how 100% is 'more' than 50%.
"The remainder" reduces MasterCard's pocket[ing] money depending on how many of MasterCard's customers manage, assuming they notice it, to claim back their losses.
Welcome to MasterCard's Premium Rate number blah blah blah
Calls may be recorded blah blah blah.
You now have Five options blah blah blah.
Thank you. You now have 6 options blah blah blah.
We are very busy at the moment but your custom is important to us so please hold on. One of our advisors will be available to answer your call soon.
Repeat for the next eon.
"Ohhhh Dub Dub Dub Dub Dub. Hello you are talking to Mykel. How can I be helping you today?"
"I seem to have been charged for something I did not buy."
"Oh I am so sorry. You appear to have been connected to the wrong department. Can I please to be taking your details."
"Yes I will now be putting you through to the place to be"
Cue silent phone line.
Why on earth did we not have 'end to end encryption' from the very beginning? Who is in charge of monitoring this sort of thing?
I bet it was Paris.
"SSL is secure"
This just shows how these types of companies like to make fake claims on how they value their security.
SSL is a smoke screen of encrypted data to the server from the client and back again. But once it reaches the server it is decoded, making it just as easy to steal said data.
This is not a failing of just this one company. This is a failure of the entire industry.
A few small vendors in the industry provide end to end encryption. NOT ONE OF THE TEN LARGEST VENDORS IN THE INDUSTRY does.
I suspect the amount of "Big Iron" still in use throughout the industry has a lot to do with it. Equipment that just plain does not have the grunt to handle real time encryption/decryption.
What do you mean "The mechanism would go well beyond so-called PCI DSS"?!
I've had to go through the PCI audit recently, and I'm pretty sure that PAN numbers have to be encrypted or masked anywhere they are stored or when they are transmitted across the network.
Sounds like they are just making themselves compliant, not going beyond it.
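The masking requirement the comment above refers to, and the earlier point that data is in the clear once TLS terminates at the server, as an added example that is not part of any commenter's post: a small Python log scrubber that finds Luhn-valid digit runs and masks them to at most the first six and last four digits before the line is stored. The log line and card numbers are constructed (the well-known Visa and MasterCard test values), not data from the breach.

```python
import re

# Constructed sample input: a processor-side log line of the kind that leaks
# full PANs in the clear once TLS has terminated at the server.
SAMPLE_LOG = (
    "2009-01-20 auth ok pan=4111111111111111 amt=12.60 ref=000123; "
    "decline pan=5500000000000004 amt=99.00 ref=000124; build=20090120"
)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """PCI DSS display mask: keep at most the first six and last four digits."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        raise ValueError("not a PAN-length digit string")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


# 13-19 digit runs that are not part of a longer digit sequence.
_PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def redact_pans(text: str) -> str:
    """Mask every Luhn-valid candidate run; leave refs, dates, build ids alone."""
    def _sub(m: "re.Match[str]") -> str:
        run = m.group(0)
        return mask_pan(run) if luhn_ok(run) else run
    return _PAN_RE.sub(_sub, text)


if __name__ == "__main__":
    print(redact_pans(SAMPLE_LOG))
```

Masking only covers display and logging; PAN that must be stored in full still needs encryption or tokenisation, which this scrubber does not provide.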