
The Bad Guys Are Very Good - Heartland President

Posted by John B. Frank Thursday, January 22, 2009

Yes, that's what he said.  I know what he meant, but nonetheless, it's the kind of line that both Norm Crosby and Yogi Berra would be proud of.

According to Newsday.com, Heartland has closed the security hole that ultimately may lead to their own extinction...especially considering how bad their ticker looks today.

I've posted comments throughout.

"Heartland says it has closed the security hole that allowed criminals to infiltrate their systems, but the matter is far from settled.

The company will likely have to pay big penalties to banks to reimburse the cost of issuing new cards, and analysts say the intrusion could even threaten the company's survival if the big card brands decide to cut off Heartland from connecting to their networks.

One big payment processor, CardSystems Solutions, went under after a 2005 data breach in which 40 million credit card accounts were compromised and the big card brands stopped doing business with CardSystems. Representatives for Visa Inc. and MasterCard Inc. declined to comment."

(Editor's Note: If Heartland was PCI certified, I highly doubt they'll be "cut-off" by Visa/MC, however, that's not to say that they won't lose a significant portion of their 250,000 member base, especially considering that these merchants may be subjected to very expensive fraud-related remedies. The merchants will look to Heartland when the bills come. I was surprised Heartland is not offering free credit report monitoring, so I won't be when they tell merchants to "deal with it." Sounds like the clock is running for Heartland...also sounds like they've got a bad-ticker...)

Speaking of tickers...I see that HPS is down almost 20% today.  (see live chart at end of this post)

Yesterday, I said in a post
"As people start to realize the magnitude of the breach, and therefore the losses associated with them, I expect HPS stock to get "massacred" by...ironically, "Valentine's Day."" Maybe that "Valentine's Day Massacre" might come earlier than I thought...

Getting back to the newsday.com story, "the industry's security requirements call for payment processors to have separate networks — one for the financial transactions, and another for their general corporate tasks. Heartland wouldn't say how the malware got into the network that processes financial transactions or when it was planted there." (Why would that be?)

"If you're actually able to compromise that protected network, you're in, man — you have the keys to the kingdom," said Mike Rothman, senior vice president of strategy for security software vendor eIQnetworks Inc. "I presume they were able to sniff a large part of the payment traffic at the time the network was compromised."

Robert Baldwin, Heartland's president and chief financial officer, said the thieves accessed a part of Heartland's network that handles transactions for 175,000 of the 250,000 merchants the company works with. He said the program slipped past Heartland's antivirus software and was able to read data in unencrypted form as it was passed from Heartland to the card brands. Baldwin said Heartland uses heavy encryption, which means its data is cloaked in special computer coding so unauthorized computers can't read it, but added that the data has to be sent in unencrypted form to the card brands, which is where the criminals were able to spot it. (Editor's Note: "and therein lies the problem")

"Baldwin emphasized that no PIN codes were believed stolen. Baldwin added that the company passed an industry-mandated security inspection in April."  (about which much will be written in coming days/weeks/months)

"Unfortunately the bad guys are very, very good," he said. "The malware we encountered did not, and does not, get very well captured by antivirus software, (ya-think?) so it's a challenge we're going to have to keep working as an industry to combat."
 

Continue Reading at Newsday.com








