Heartland Data Breach: Visa Questions Processor's PCI Compliance
Visa Executive: "We've Never Seen Anyone Who Was Breached That Was PCI Compliant"
Despite the Heartland Payment Systems (HPY) data breach and other noted compromises, Visa staunchly supports the Payment Card Industry Data Security Standard (PCI DSS).
This is the message from Adrian Phillips, Visa's Deputy Chief Enterprise Risk Officer, who in an exclusive interview hammers home the credit card company's support for the security standard - and suggests that, contrary to Heartland's own statements, the payment processor may not have been PCI compliant when it was breached sometime in 2008.
"We've never seen anyone who was breached that was PCI compliant," Phillips says without specifically naming - or excluding -- Heartland. "The breaches that we have seen have involved a key area of non-compliance." Editor's Note: Meanwhile the House is blaming V/MC...see next post and Heartlands stock (see chart below) continues it's free fall. (well maybe not a "free" fall...it's costing shareholders some major kahunas. And they're so UN-HPY...they're suing...
Interviewed during last week's Visa Security Summit in Washington, D.C., Phillips acknowledges Heartland and other recent breaches, but uses them as an opportunity to support the PCI standard. "Let's remember we've had some bad breaches, but if we had not had PCI DSS, it would have been much worse," Phillips says. "As of today, I am confident that PCI DSS works."
Phillips comments come one week after news that Visa had removed Heartland Payment Systems from its certified PCI-DSS Compliant Service Providers list.
Find out how our patented technology can empower your financial institution.
Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)
There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.
Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."
Phillips comments come one week after news that Visa had removed Heartland Payment Systems from its certified PCI-DSS Compliant Service Providers list.
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ss3fDSiZ3_1LIm5p00DUgrfb3KsPuZICjdb-XRA3kEwXIzrdlTd1NzAzMfL2zhO6Y1xwB7ZUmKTg7o75rz8910KTP_x30XRIyhmc0wKlO54ntTChxS1JwyTsy3Rf3kJcBoRQRA4z1pmHHnM4hrMwc=s0-d)
0 comments