IMGCAP(1)]
The payments industry should adopt standards that require all sensitive cardholder data to be encrypted along the entire transaction process, contends Robert O. Carr, chairman and CEO of Heartland Payment Systems Inc. The transaction processor earlier this week admitted hackers had gained access to its network last year (CardLine, 1/20). Heartland identified the breach as a "sniffer" program that made it past the company's antivirus software. The program delivered the card data–including card numbers and expiration dates–it collected to fraudsters. The Princeton, N.J.-based processor has not said how many transactions were affected. On its Web site, Heartland says it annually processes more than 4 billion transactions. In a statement, Carr says members of the payments industry must confer with each other to counter fraud efforts. "Up to this point, there has been no information-sharing, thus empowering cyber criminals to use the same or slightly modified techniques over and over again," he says. Had Heartland known details about previous intrusions at other companies, Heartland might "found and prevent the problem we learned of last week," Carr says.
