Editor's Note: Investigations by the FTC and DOJ are not uncommon. The SEC investigation has nothing to do with the breach, but with starting to sell 80,000 shares per month and it coinciding with the timeframe of the breach.
What's rare is the OCC investigation. Gartner Distinguished Analyst, Avivah Litan, has a take on why they are involved.
The Treasury's OCC may be taking an interest in the breach because it could be part of a larger problem for the banking industry, said Avivah Litan, an analyst with Gartner Research. "I think that the criminal gang that targeted Heartland is targeting multiple payment processors and it's a serious threat to the integrity of the payment systems," she said.
Yes, there is a serious threat to the integrity of the payment systems. It all has to do with information security/data encryption. Data traveling over the network should be securely encrypted from the point of data entry (the POS) to the point where the data is processed (V/MC). Beginning-to-End Encryption (B2EE) will be costly and time consuming to implement, but look at the alternative. (and yes...there is a HomeATM pun "encrypted" with 3DES/DUKPT in there)
In recent months at least three credit-card processing companies, including Heartland, have been the victims of sophisticated criminal attacks resulting in millions of compromised payment cards. One of the other card processors, RBS WorldPay, lost data on 1.5 million customers. A third hack, at an unnamed payment processor, was disclosed last week.
In related news, Heartland announced yesterday that the President and Chief Financial OfficerRobert Baldwin will be participating at the Goldman Sachs Technologyand Internet Conference, February 26, 2009, at 6:20 PM at the SanFrancisco Marriott in San Francisco, California.
After thelive presentation the web cast will be archived on the Company’swebsite. Those who are interested can listen to a live web cast of thepresentation on the Investor Relations section of Heartland’s websiteat: http://www.heartlandpaymentsystems.com.
0 comments