
Data Security: PCI Is Not Enough

This TechNewsWorld article should make consumers pause before their next visit to the mall to shop with debit/credit cards:

"It's evident that PCI compliance is not enough to fully protect credit card transaction data. Major fiascos such as the infamous Heartland, RBS WorldPay and TJX data breaches will continue to occur unless the system is fixed. One possible solution? Protection that starts at the database level... Although the exact details of the Heartland breach and compliance issues have not been made public, it is widely believed that credit card data was exposed and non-compliant during its time on the Heartland server. It is staggering that retailers and others processing credit cards are required to protect all transactions in order to be in compliance with the points of PCI, yet once the transactions get to the "super-processors" such as Heartland, these requirements are apparently not systematically enforced -- or even required, at some points. The more data you handle, the lower the security bar, or so it seems."

To address this mess, Heartland is proposing end-to-end data encryption. I am a consumer and not a data security expert, so I have no idea if that will work, or if Heartland is blowing more BS. Regardless, this trend seems very important:

"The more sinister threat environment, which has emerged over the past two years, involves well-organized criminal gangs that grab data with the sole purpose of using it fraudulently. The "2009 Verizon Data Breach Investigations Report" outlined the change, finding that 93 percent of all electronic records breaches occurred in the financial services industry, with 90 percent of the breaches tied to organized crime."

Now that consumers have been thoroughly warned and trained about phishing attacks (e-mail and Web sites), identity thieves have focused their attacks on sites where the money is: banks and retailers.
