Comments on: Heartland Payment Systems Breach

By: Me Too

Me Too — Sat, 30 May 2009 05:20:59 +0000

I have read the class action lawsuit and it is clear that Heartland withheld information. Also, Visa has recertified this company. It is their business to make sure their systems are secure. It is their business when they process this amount of transactions to have a fraud team on board consistent with the skills and ability of the secret service who are investigating. It is their responsibility to be proactive rather than reactive. Visa should not have recertified Heartland, period. Had they handled this properly, other companies who process payments would certainly make it their business to make sure their systems are secure by taking .00001% of their profits they make to hire the very best and brightest so that their employees are always more capable than the criminals.

By: Dat To

Dat To — Fri, 23 Jan 2009 22:10:20 +0000

It’s too bad that even if someone had solutions to fraud and the resources to capture these criminals that they would not be punished in a way that would deter them or others from engaging in these destructive activities. Laws seem to protect criminals and limit the freedoms of law abiding citizens in the pursuit of criminals. If the payoff is greater than the consequences, then the fraud will continue to grow.

By: heartland data breach

heartland data breach — Thu, 22 Jan 2009 20:19:47 +0000

[...] may or may not have read elsewhere about a massive data breach involving heartland payment systems, there is a lot of commentary. one thing that is interesting is with the attention and resources in [...]

By: stockholder

stockholder — Thu, 22 Jan 2009 05:02:35 +0000

the CEo has sold over 680,000 shares of stock since sept 08. the simple question is “what did the ceo know and when did he know it
‘

By: Heartland Payment Systems Breach - My Thoughts | Payment Systems Blog

Heartland Payment Systems Breach - My Thoughts | Payment Systems Blog — Wed, 21 Jan 2009 14:47:38 +0000

[...] should all be aware of the Heartland Payment Systems Breach that happened on Inauguration day – had it been a different day it would be a front page story, [...]

By: When End-to-End Encryption is really not End-to-End. | Payment Systems Blog

When End-to-End Encryption is really not End-to-End. | Payment Systems Blog — Wed, 21 Jan 2009 03:05:54 +0000

[...] also explain why End-to-End Encryption in its current state would not of prevented the breach at Heartland Payment Systems – as a processor they need to connect and communicate over the interchange networks using TCP/IP [...]

By: Tyler Hannan

Tyler Hannan — Tue, 20 Jan 2009 21:13:04 +0000

I agree wholeheartedly.

The statement: “let this serve as an example that PCI Compliance does not prevent breaches, and that Compliance is a snapshot in time, Compliance != Security, and Security is a process.” is powerful and one that deserves to be understood by a greater audience.