BreachExchange mailing list archives
follow-up: Heartland Receives Encrypted Card Data From Retailer
From: security curmudgeon <jericho () attrition org>
Date: Wed, 1 Jul 2009 18:20:41 +0000 (UTC)
http://supermarketnews.com/news/heartland_encrypted_0701/ Heartland Receives Encrypted Card Data From Retailer Jul 1, 2009 6:00 AM PRINCETON, N.J. Heartland Payment Systems here, the payment processor that announced in January that it had been hit by a major data breach, successfully completed the first phase of an end-to-end encryption pilot project designed to enhance its security. This first step involved the transmission of live AES (Advanced Encryption Standard)-encrypted card transactions from an unnamed merchant to Heartlands processing platform. According to Robert O. Carr, Heartlands chairman and chief executive officer, to his knowledge, this is the first time encrypted transactions have been sent from a merchants card reader to and through a major processors payments network. Yesterdays transactions involved a Texas-based merchant and multiple credit card, prepaid and signature debit card transactions testing each of the major card brands, Carr said. Cardholder data, he added, is typically unencrypted as it leaves a merchants terminal and is not encrypted until it is either tokenized in a gateway or at rest in the processing platforms data warehouse. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- follow-up: Heartland Receives Encrypted Card Data From Retailer security curmudgeon (Jul 01)