follow-up: Heartland Receives Encrypted Card Data From Retailer

[security curmudgeon <jericho () attrition org>]

http://supermarketnews.com/news/heartland_encrypted_0701/

Heartland Receives Encrypted Card Data From Retailer
Jul 1, 2009 6:00 AM

PRINCETON, N.J.  Heartland Payment Systems here, the payment processor 
that announced in January that it had been hit by a major data breach, 
successfully completed the first phase of an end-to-end encryption pilot 
project designed to enhance its security.

This first step involved the transmission of live AES (Advanced Encryption 
Standard)-encrypted card transactions from an unnamed merchant to 
Heartlands processing platform.

According to Robert O. Carr, Heartlands chairman and chief executive 
officer, to his knowledge, this is the first time encrypted transactions 
have been sent from a merchants card reader to and through a major 
processors payments network.

Yesterdays transactions involved a Texas-based merchant and multiple 
credit card, prepaid and signature debit card transactions testing each of 
the major card brands, Carr said. Cardholder data, he added, is typically 
unencrypted as it leaves a merchants terminal and is not encrypted until 
it is either tokenized in a gateway or at rest in the processing platforms 
data warehouse.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php