Philly FRB: Lessons Learned from Heartland Data Breach

The Payment Cards Center of the Federal Reserve Bank of Philadelphia has published "Heartland Payment Systems: Lessons Learned from a Data Breach," a discussion paper on the Heartland Payment Systems breach.

The paper is a summation of a workshop held in August 2009 at the Philadelphia FRB, where Heartland CEO Bob Carr led a discussion of the events surrounding the breach and lessons learned as a result.

Heartland Payment Systems announced on Jan. 20, 2009 that it had been the victim of what is now thought to be the largest breach of card data, an estimated 130 million payment cards taken by hackers over a six-month period.

In his presentation, Carr shared details of the breach and what actions the company and industry are taking. Joining Carr in the workshop was the former director of the Payment Cards Center, Peter Burns, who now is a senior payments advisor to Heartland. They outlined Heartland's post-breach efforts, which are directed to improving information sharing and data security within the consumer payments industry. Carr introduced several technology solutions that are under discussion in payment security circles as ways to better secure payment card data as they move among the different parties in the card payment systems: end-to-end encryption, tokenization and chip technology.

Heartland recently launched its own end-to-end encryption solution for its merchants and is also active in the development of an industry-wide standard for encryption.

The full report is available for download.

About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.
