Heartland (HPY) Implements E2EE System

From Heartland Payment Systems

“Monday’s successful test involved Zones 1, 2, 3 and 4,” detailed Steven M. Elefant, Heartland’s executive director of end-to-end encryption. “We believe that protecting data in these zones alone will significantly impact the protection of cardholder data.

ISR News: CardSystems Breach Spurs Suit

Excerpts From Digital Transactions

Four years later, the fallout from the notorious CardSystems Solutions Inc. data breach—at the time the biggest hacking of payment card data ever—surfaced last week and looks like it could go on for months or even years. Merchant acquirer Merrick Bank Corp. is suing Savvis Inc., the company that inspected CardSystems before the breach, for alleged negligence because Savvis had concluded that the processor’s security systems met Visa Inc.’s standards.

ISR News: Heartland Fights MasterCard Fine

Excerpts From Finextra

“Heartland therefore considers the MasterCard fine to be in direct violation of both the MasterCard rules and applicable law and it intends and is prepared to vigorously contest and it has recommended to its sponsor banks that they vigorously contest, through all means available including litigation if necessary any liability that may be asserted or imposed upon Heartland or its sponsor banks by reason of this fine,” says Carr.

Heartland Regains PCI Compliant Status

By Anthony M. Freed, Information-Security-Resources.com Financial Editor

Heartland’s removal from the list of compliant payment processors had followed revelations that the company had suffered what may have been the largest data breach of payment card information to date, although details of the incident and similar events at RBS WorldPay (RBS) have not been made available due to ongoing investigations.

ISR News: Heartland Class Action Lawsuit

Excerpts From ComputerWeekly.com

An investor has filed a proposed class action in the US district court of New Jersey on behalf of all other investors in Heartland between August 2008 and February 2009. The complaint alleges that Heartland issued false or misleading statements and failed to disclose material adverse facts about its business, operations and prospects during that period. Heartland’s shares during that period also declined from $21.84 per share, or approximately 80%, from its high of $27.19 per share in September 2008.

ISR News: Visa Sanctions RBS Too

Excertps From BankInfoSecurity.com

In the statement, Visa confirmed that both Heartland and RBS WorldPay as a result of their recent data breaches, have been removed from the company’s Payment Card Industry Data Security Standard (PCI DSS) Compliant Service Providers list. This list represents the service providers that Visa has validated as being PCI DSS compliant for merchants and other businesses to run their credit card transactions.

Visa Sanctions: Heartland Issues Statement

STATEMENT FROM HEARTLAND PAYMENT SYSTEMS
March 13, 2009

Heartland was certified as PCI-DSS compliant in April 2008 and expects to continue to be assessed as PCI-DSS compliant in the future. We’re undergoing our 2009 PCI-DSS assessment now, which Heartland believes will be complete no later than May 2009 and will result in Heartland, once again, being assessed as PCI-DSS compliant.

Visa Puts Heartland on Probation Over Breach

By Anthony M. Freed, Information-Security-Resources.com Financial Editor

System Participation - HPS is now in a probationary period, during which it is subject to a number of risk conditions including more stringent security assessments, monitoring and reporting. Subject to these conditions, Heartland will continue to serve as a processor in the Visa system.

ISR News: WorldPay Facing Class Action

Excerpts From SecurityFocus.com’s Robert Lemos

RBS WorldPay Facing Class Action Lawsuit Over Breach (February 6, 2009) Law firms in Pennsylvania, Georgia and Washington DC have filed a class action lawsuit against payment processor RBS WorldPay.

ISR News: WorldPay (CORRECTION: NOT PROPAY) Suffers $9M Heist

Excerpts From Blog.Wired.com

A carefully coordinated global ATM heist last November resulted in a one-day haul of $9 million in cash, after a hacker penetrated a server at payment processor RBS WorldPay, New York’s Fox 5 reports.

(CORRECTING EARLIER POST ON INFORMATION-SECURITY-RESOURCES.COM - NOT PROPAY IDENTIFIED IN DATA SECURITY BREACH)

Next Page »

• Categories

  • Anthony M. Freed (25)
  • Bill Brenner (2)
  • Bob Violino (1)
  • Bozidar Spirovski (23)
  • Breach (539)
  • Britt Womelsdorf (5)
  • By Dr. InfoSec (2)
  • Cara Garretson (7)
  • CCCNews (1)
  • Chorey Taylor & Feil (8)
  • Christophe Veltsos (2)
  • Christopher Burgess (7)
  • CIOZone (26)
  • Class Action Lawsuit (111)
  • Cloud computing (103)
  • Coby Royer (5)
  • CTO Forum (9)
  • D&O Liability (591)
  • Daniel Wallace (5)
  • Danny Lieberman (11)
  • DataLine (10)
  • David Alexander (2)
  • Derek Crawford (1)
  • Doug Pollack (7)
  • due diligence (300)
  • Fame Foundry (1)
  • FEATURE ARTICLE (427)
  • Financial (577)
  • Fred Leland (7)
  • Gene Kim (3)
  • Government (363)
  • Greg George (5)
  • H1N1 (15)
  • hackers (529)
  • healthcare (124)
  • Heather Bourgoin (1)
  • HomeATM (8)
  • identity-theft (525)
  • IDExperts (17)
  • Ike Z. Devji (1)
  • Infosec Island Network (28)
  • Insider Threat (480)
  • Internet Crime Complaint Center (1)
  • Internet Security Alliance (61)
  • ISR News (321)
  • Jacqueline Herships (2)
  • Jenni Hesterman (3)
  • John M. Salomon (2)
  • John Watkins (7)
  • John-Patrick Skaar (2)
  • Kaliber Data Security and Compliance Consultants (3)
  • Kat Sanders (2)
  • Ken Leeser (3)
  • Kevin L. Jackson (10)
  • Kevin M. Nixon (21)
  • Larry Ketchersid (1)
  • Laton McCartney (7)
  • Lauren Taylor (1)
  • Linda McGlasson (1)
  • malware (491)
  • Mark Smail (1)
  • Mark Wright (1)
  • Mel Duvall (3)
  • Michael Eggebrecht (3)
  • Michael Lohr (1)
  • Michael O'Conner (4)
  • MicroSolved (1)
  • Mike Duncan (3)
  • Mike Meikle (4)
  • Mike Spinney (1)
  • Military (201)
  • national security (443)
  • PCI (299)
  • PCI Security Standards Council (32)
  • Physical Security (11)
  • privacy (542)
  • Rachel James (10)
  • reach (2)
  • Rebecca Herold (16)
  • Richard Stiennon (44)
  • Robert Siciliano (34)
  • Sarbanes-Oxley (492)
  • ScamStop (2)
  • Sean Wilkins (2)
  • Semyon Dukach (1)
  • Simon Heron (14)
  • Software Associates (11)
  • Steven Fox (19)
  • SUPERAntiSpyware (3)
  • Sybase (6)
  • Symplified (5)
  • The Jester (7)
  • The Privacy Professor (16)
  • Thomas R. Fox (8)
  • Tom Groenfeldt (2)
  • Tom McLain (2)
  • Trefis (13)
  • Tripwire (18)
  • Uncategorized (620)
  • virtualization (91)
  • Webcast (48)

• ISR Headline Index

  • Study Shows Employees Put Data at Risk
  • Tracking Google’s Script Kiddie Hackers
  • Newbie Introduction to Digital Forensics Part 2
  • Simple Log Review Checklist Released
  • Press F1 for Help? Microsoft Zero Day Threat!
  • A Newbie’s Introduction to Digital Forensics
  • Security Best Practice: Trust But Verify…
  • Google, Adobe, and Big Oil Under Attack!
  • Building your OWN Malware Lab (Part 2)
  • How Twitter Spam Steals From Google, Yahoo!
  • Tech Stocks Week in Review Featuring iPad
  • DoD Endorses Certification for Hackers
  • Risk Based Enterprise Compliance Programs
  • Data Loss Prevention Has Jumped the Shark
  • File-Sharing Software Threat to Health Privacy

• Recent Comments

  • Ryan Aslett on Data Loss Prevention Has Jumped the Shark
  • Tom on (Lack Of) Encryption and The HITECH Act
  • ADMIN on Patriot Hacker Hits Jihad With DDoS Attacks
  • Robert Siciliano on Data Loss Prevention Has Jumped the Shark
  • Karen J. Cox on Data Loss Prevention Has Jumped the Shark
  • Scot McLeod on Outsourcing Breach Response Lowers Costs
  • John Marke on Gartner Tells CIOs to Embrace Social Media
  • Social Engineering and Enterprise Security | CIO – Blogs and … | Enterprise Engineering Addict on Gartner Tells CIOs to Embrace Social Media
  • From Russia, With Smartphones on Top 8 Social Media Security Threats
  • Judith Hoffman on Scam Alert: Rogue Gmail Account Phishing
• 
  

  Information Security Resources

  Top network security blogs