Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Heartland tests new encryption
PRINCETON, N.J. (7/2/09)--Heartland Payment Systems, one of the nation’s largest payments processors, successfully completed the first phase of its end-to-end encryption pilot project Monday in response to last year’s data breach. The company announced in January that its processing system was breached last year, compromising millions of credit cards and affecting credit unions and their members nationwide. Credit unions in Alabama, California, Florida, Louisiana and Texas have joined in class action lawsuits seeking damages related to the Heartland breach (News Now Jan. 21, March 2 and April 2). The first step of the company’s pilot involved transmitting live Advanced Encryption Standard (AES)-encrypted card transactions from a merchant to Heartland’s processing platform. AES is the highest level of encryption and is on track to replace Data Encryption Standard (DES) and Triple DES as the desired standard for sensitive data, said Heartland (BusinessWire June 30). To his knowledge, this is the first time encrypted transactions have been sent from a merchant’s card reader to and through a major processor’s payments network, said Robert O. Carr, Heartland chairman/CEO. “[Monday’s] transactions involved a Texas-based merchant and multiple credit card, prepaid and signature debit card transactions testing each of the major card brands,” Carr said. “These cards were read by our newly developed pilot tamper-resistant security module (TRSM) terminal. The data was encrypted as the electronic digits left the magnetic stripe and entered the TRSM hardware device. The data was then successfully transmitted to and through our processing platform for authorization and settlement. “Typically, cardholder data is unencrypted as it leaves a merchant’s terminal and is not encrypted until it is either tokenized in a gateway or at rest in the processing platform’s data warehouse,” Carr continued. Cardholder data in transit is at risk of being compromised if cyber criminals or hackers use methods such as network or memory sniffer malware to get the data. “To protect data throughout the life cycle of a credit, debit or prepaid card transaction, Heartland is developing end-to-end encryption technology we call E3 that is designed to encrypt the transaction from the card read through our network and ultimately through transmission to the card brands,” he added. Credit unions are still reissuing members’ cards compromised in Heartland’s data breach. For example, Omaha (Neb.) Police FCU is replacing 1,167 of its members’ debit cards after being notified that the cards were among those compromised in the Heartland data breach (Omaha World-Herald June 30).
Other Resources

RSS





print
News Now LiveWire
CFA/CUNA holiday spending survey results to be announced at press conference this morning.
3 minutes ago
Matz: Revised @TheNCUA #RBC rule for #creditunions 2 B unveiled 1/15/15, 90-day comment period to follow #newsnow http://t.co/qABhvghSTU
14 hours ago
Just announced: @TheNCUA board will consider a revised risk-based capital rule at its Jan 15 mtg. See #NewsNow Monday for more info.
15 hours ago
Nearing one-yr anniversary of data breach, @Target asks for class action suits to be dismissed via @BloombergNews http://t.co/kra6kupd35
17 hours ago
.@PeoplesTrustFCU has been recognized with the Juntos Avanzamos designation by @Cornerstone_CUL for its service to the Hispanic community
17 hours ago