Heartland Data Breach: Visa Questions Processor's PCI Compliance
Visa Executive: "We've Never Seen Anyone Who Was Breached That Was PCI Compliant"
March 24, 2009 - Linda McGlasson, Managing Editor
Despite the Heartland Payment Systems (HPY) data breach and other noted compromises, Visa staunchly supports the Payment Card Industry Data Security Standard (PCI DSS).This is the message from Adrian Phillips, Visa's Deputy Chief Enterprise Risk Officer, who in an exclusive interview hammers home the credit card company's support for the security standard - and suggests that, contrary to Heartland's own statements, the payment processor may not have been PCI compliant when it was breached sometime in 2008.
"We've never seen anyone who was breached that was PCI compliant," Phillips says without specifically naming - or excluding -- Heartland. "The breaches that we have seen have involved a key area of non-compliance."
Interviewed during last week's Visa Security Summit in Washington, D.C., Phillips acknowledges Heartland and other recent breaches, but uses them as an opportunity to support the PCI standard. "Let's remember we've had some bad breaches, but if we had not had PCI DSS, it would have been much worse," Phillips says. "As of today, I am confident that PCI DSS works."
Phillips comments come one week after news that Visa had removed Heartland Payment Systems from its certified PCI-DSS Compliant Service Providers list.
Gartner analyst Avivah Litan recommends that merchants and other card-acepting enterprises using Heartland take no action, "because the processor will likely be recertified soon." Litan says the Visa delisting should "nonetheless make it easier for [Visa] to help card issuers recover financial losses they may have suffered as a result of the breaches from the processor." She adds the delisting should also make it easier for Visa to impose fines, probably $150,000 or more, on Heartland. (Full Text at www.bankinfosecurity.com)
For a current list of the now - 625 institutions that have been affected click here.
Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!
Shameless plug
the Best Identity Theft Protection available dot com
No comments:
Post a Comment