Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Heartland tests new encryption
PRINCETON, N.J. (7/2/09)--Heartland Payment Systems, one of the nation’s largest payments processors, successfully completed the first phase of its end-to-end encryption pilot project Monday in response to last year’s data breach. The company announced in January that its processing system was breached last year, compromising millions of credit cards and affecting credit unions and their members nationwide. Credit unions in Alabama, California, Florida, Louisiana and Texas have joined in class action lawsuits seeking damages related to the Heartland breach (News Now Jan. 21, March 2 and April 2). The first step of the company’s pilot involved transmitting live Advanced Encryption Standard (AES)-encrypted card transactions from a merchant to Heartland’s processing platform. AES is the highest level of encryption and is on track to replace Data Encryption Standard (DES) and Triple DES as the desired standard for sensitive data, said Heartland (BusinessWire June 30). To his knowledge, this is the first time encrypted transactions have been sent from a merchant’s card reader to and through a major processor’s payments network, said Robert O. Carr, Heartland chairman/CEO. “[Monday’s] transactions involved a Texas-based merchant and multiple credit card, prepaid and signature debit card transactions testing each of the major card brands,” Carr said. “These cards were read by our newly developed pilot tamper-resistant security module (TRSM) terminal. The data was encrypted as the electronic digits left the magnetic stripe and entered the TRSM hardware device. The data was then successfully transmitted to and through our processing platform for authorization and settlement. “Typically, cardholder data is unencrypted as it leaves a merchant’s terminal and is not encrypted until it is either tokenized in a gateway or at rest in the processing platform’s data warehouse,” Carr continued. Cardholder data in transit is at risk of being compromised if cyber criminals or hackers use methods such as network or memory sniffer malware to get the data. “To protect data throughout the life cycle of a credit, debit or prepaid card transaction, Heartland is developing end-to-end encryption technology we call E3 that is designed to encrypt the transaction from the card read through our network and ultimately through transmission to the card brands,” he added. Credit unions are still reissuing members’ cards compromised in Heartland’s data breach. For example, Omaha (Neb.) Police FCU is replacing 1,167 of its members’ debit cards after being notified that the cards were among those compromised in the Heartland data breach (Omaha World-Herald June 30).
Other Resources

RSS print
News Now LiveWire
#NewsNow: NJ-based money services business fined for repeated #BSA violations. http://t.co/6or7wDbomL
14 minutes ago
#NewsNow: Wal-Mart to issue EMV MasterCards within next few weeks. http://t.co/9csqwhFEdB
38 minutes ago
#UMich consumer confidence index bounces back in August http://t.co/LJ1l7mk4Ty
1 hours ago
IPSOS survey: Canada's #creditunions top for member service 10th consecutive year @CanadianCentral http://t.co/dSipMd4qnz
1 hours ago
#NewsNow Home-state visits connect lawmakers, credit unions http://t.co/Ti7HdH9gFo
1 hours ago