News

Heartland calls for payments industry encryption standard

The head of Heartland Payment Systems, which washit by a massive data breach last year, has called for industry collaboration to combat cyber-crime attacks.

Cyber-criminals gained access to potentially millions of credit card transaction details after planting spy software on Heartland systems.

Heartland chief executive Robert Carr has held meetings with others in the payments industry following the public disclosure of the data security breach.

There is growing concern in the industry about the increasing success and frequency of cyber-attacks, according to Carr.

He has called for greater information sharing to prevent cyber-criminals from using the same or similar techniques in multiple attacks.

"I believe that had we known the details about previous intrusions, we might have found and prevented the problem we learned of last week," Carr said.

The Heartland boss is also advocating the adoption of data encryption throughout the payments industry, as well as improved and safer standards of payments.

Encryption is not a requirement of the Payment Card Industry Data Security Standard (PCI DSS). The omission is regarded by security commentators as a key weakness.

Lack of encryption is a key reason that PCI compliance is not enough to guarantee the security of credit card details, say experts.

These gaps create excellent attack points for hackers as data is fully exposed, said Mark Bower, director of information protection at Voltage Security.

Like Carr, Bower sees end-to-end encryption as the only way to eliminate the threat to transaction data.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy