Tuesday, September 15, 2009

Heartland Gets Beat Up at U.S. Senate Hearing

Heartland on Defense at U.S. Senate Hearing

Eric Chabrow writes on BankInfoSecurity.com:



The ranking member of the Senate Homeland Security and Governmental Affairs Committee told the chief executive of Heartland Payment Systems that she was "astonished" a breach the company's information system lasted for nearly 1½ years without being detected.

At a panel hearing Monday on protecting industry against growing cyber threats, Sen. Susan Collins, R.-Maine, asked Heartland CEO Robert Carr to explain how this delay happened. Carr responded that a breach is usually detected when the processing payer is notified of fraudulent use of cards, and that didn't occur until the end of 2008.

"Isn't there software in the systems to detect such a breach?" Collins asked.

"There is, and the cyber criminals are very good at masking themselves," Carr replied. "To be able to scan systems to determine what the malware is, you have to understand something about the attack vector, and you need to know something about the malware to find it. All of us in the industry go through annual assessments, but the bad guys are working together to get around all those assessment."

Carr told the panel Heartland is taking two major steps to prevent this type of breach to reoccur. Working through the Financial Services Information Sharing and Analysis Center, Heartland and other payment processors established Payments Processing Information Sharing, a forum for sharing information about fraud, threats, vulnerabilities and risk mitigation practices.


More here.



Want to Read the Transcript? 





Report title: PROTECTING AGAINST CYBER ATTACKS- Statement of Robert Carr Chairman and CEO Heartland Payment Systems from CQ Transcriptions  1442 word report published Sep 14, 2009


Price $19.95 available for immediate download HTML

Let me save you $19.95.  Here's a couple quotes I was able to locate from various articles:



Statement of Robert Carr Chairman and CEO Heartland Payment Systems Committee on Senate Homeland Security and Governmental Affairs September 14, 2009...



"Good morning Chairman Lieberman, Ranking Member Collins, and Members of the Committee....
Quote 1:  "I now know that this industry needs to, and can, do more to better protect it against the ever-more-sophisticated methods used by these cybercriminals," Carr told the Senate Homeland Security and Governmental Affairs Committee. "I believe it is critical to implement new technology, not just at Heartland, but industrywide." The purpose of the committee hearing was, in part, to determine whether new legislation is needed to fight cybercrime."



Quote 2: "We are working on these solutions, both technological and cooperative, because I don't want anyone else in our industry, or our customers, or their customers ... to fall victim to these cybercriminals," he said.



Quote 3: "Explain to me how a breach of that magnitude could go undetected for so long."




Quote 4: "Card holders were not reporting major breaches, Carr answered. "The way breaches are normally detected is that fraudulent uses of cards are determined," he said. "There was no hint of fraudulent use of cards that came to our attention until toward the end of 2008."
Source: TESTIMONY





Reblog this post [with Zemanta]

Disqus for ePayment News