
Heartland CEO Carr Reflects on Breach

Enterprises Must Improve Breach Detection, Adopt End-to-End Encryption

Bob Carr, founder and CEO of payments processor Heartland Payment Systems, which suffered a massive and historic data breach in 2008, says all organizations need to boost their efforts to detect and prevent breaches, especially through wider use of encryption.


In a video interview recorded at Information Security Media Group's recent 2015 Data Breach & Prevention Summit New York, Carr acknowledges that the processor made some initial missteps in dealing with the breach, which was caused by SQL injection.

"We knew when the breach happened ... and within hours we thought we had remediated it," he says. "That was our mistake ... The bad guys were in our system for six months before they figured out how to cross over into our payments network, which is when the disaster really occurred."

The breach ultimately exposed 130 million debit and credit cards and cost card issuing banks and credit unions about $500 million (see Heartland's Carr on U.S. Card Security Shortcomings).

One of the most significant steps Heartland took in the wake of the breach, Carr says, was to launch development of an encryption terminal for the payments industry. He argues that end-to-end encryption is essential to the fight against fraud.

In the interview, Carr also discusses:

  • The reasons why Heartland quickly told customers and partners about the breach;
  • The role of merchants in ensuring payments security;
  • Why the U.S. migration to EMV will help reduce fraud risks.

Carr founded Heartland Payment Systems in 1997, building it from a 25-person startup to a Fortune 1000 company serving more than 400,000 business and educational locations nationwide. After Heartland recovered from its 2008 data breach, Carr developed "The Merchant Bill of Rights," an advocacy plan designed to educate merchants on the importance of transparency in payments processing. Carr also is the founder of the Give Something Back Foundation, which provides financial support to college students. In 2014, Carr wrote "Through the Fires: An American Business Story of Turbulence, Triumph and Giving Back."


About the Author

Tracy Kitten


Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.



