HPY CEO to Speak at iapp Event

HPY CEO to Speak at iapp Event

Posted by John B. Frank Monday, June 1, 2009

IAPP - International Association of Privacy Professionals - Carr gets to heart of it

Heartland Payment Systems CEO discusses breach, previews speech

Not a week had passed after the announcement of what some have described as the largest data breach ever, when the CEO of Heartland Payment Systems, Robert Carr, began calling for better industry cooperation and new efforts directed at preventing future breaches.

Recently, Carr announced that trials will begin late this summer on an end end-to-end encryption system Heartland is developing with technology partners. It is expected to be the first system of its kind in the U.S. The company is also pushing for an end-to-end encryption standard.

At the upcoming Practical Privacy Series in Silicon Valley, Carr will discuss the Heartland breach and the role industry, including privacy professionals, must play to prevent future breaches.

Here’s a preview:

IAPP: Many companies have experienced breaches. What made yours different?

Ours was different because we are a processor and had passed six years of PCI audits with no problems found. Yet, within days of the most recent audit, the damage had begun.

IAPP: Did you have a chief privacy office or a privacy professional on staff before your breach? Do you now?

Ironically, when we learned of the Hannaford’s breach, we hired a Chief Security Officer who started just three weeks before the breach began.

IAPP: In the era of mandatory breach reporting, what is the trajectory of consumer reaction?

As a processor it is difficult to really know this. Our customers are merchants who accept card payments.

IAPP: Do you think consumers will become numb to breach notices?

I believe that many are numb to so many intrusion notices.

IAPP: Are breach notices good public policy? Do the notices provide an incentive for companies to change or improve practices?

I don’t think so. Nobody wants to get breached and the damage caused by a breach is sufficient reason for most of us to do everything we can to prevent them.

IAPP: What has Heartland done differently since the breach?

We have added multiple layers of additional security, helped form the Payment Processors Information Sharing Council and ramped up our timetable to deploy the industry’s first TRSM encryption processing network.

IAPP: You will deliver a keynote at the IAPP Practical Privacy Series event in California next month. Can you give us a preview of your remarks?

I am going to discuss our breach and what we have done and are doing to help others prevent breaches to their own systems.

Heartland Breach, Bob Carr

0 comments

Learn More About Us

Find out how our patented technology can empower your financial institution.

Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)

There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.

Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."

All Top Banking