The head of
Heartland Payment Systems, which washit by a massive data
breach last year, has called for industry collaboration to combat
cyber-crime attacks.
Cyber-criminals gained access to potentially millions of credit
card transaction details after planting spy software on Heartland
systems.
Heartland chief executive Robert Carr has held meetings with
others in the payments industry following the public disclosure of
the data security breach.
There is growing concern in the industry about the increasing
success and frequency of cyber-attacks, according to Carr.
He has called for greater information sharing to prevent
cyber-criminals from using the same or similar techniques in
multiple attacks.
"I believe that had we known the details about previous
intrusions, we might have found and prevented the problem we
learned of last week," Carr said.
The Heartland boss is also advocating the adoption of data
encryption throughout the payments industry, as well as improved
and safer standards of payments.
Encryption is not a requirement of the
Payment Card Industry Data Security Standard (PCI DSS). The
omission is regarded by security commentators as a key
weakness.
Lack of encryption is a key reason that
PCI compliance is not enough to guarantee the security of
credit card details, say experts.
These gaps create excellent attack points for hackers as data is
fully exposed, said Mark Bower, director of information protection
at
Voltage Security.
Like Carr, Bower sees end-to-end encryption as the only way to
eliminate the threat to transaction data.