
Heartland CEO Carr Reflects on Breach

Enterprises Must Improve Breach Detection, Adopt End-to-End Encryption

Bob Carr, founder and CEO of payments processor Heartland Payment Systems, which suffered a massive and historic data breach in 2008, says all organizations need to boost their efforts to detect and prevent breaches, especially through wider use of encryption.

In a video interview recorded at Information Security Media Group's recent 2015 Data Breach & Prevention Summit New York, Carr acknowledges that the processor made some initial missteps in dealing with the breach, which was caused by SQL injection.

"We knew when the breach happened ... and within hours we thought we had remediated it," he says. "That was our mistake ... The bad guys were in our system for six months before they figured out how to cross over into our payments network, which is when the disaster really occurred."

The breach ultimately exposed 130 million debit and credit cards and cost card issuing banks and credit unions about $500 million (see Heartland's Carr on U.S. Card Security Shortcomings).

One of the most significant steps Heartland took in the wake of the breach, Carr says, was to launch development of an encryption terminal for the payments industry. He argues that end-to-end encryption is essential to the fight against fraud.

In the interview, Carr also discusses:

  • The reasons why Heartland quickly told customers and partners about the breach;
  • The role of merchants in ensuring payments security;
  • Why the U.S. migration to EMV will help reduce fraud risks.

Carr founded Heartland Payment Systems in 1997, building it from a 25-person startup to a Fortune 1000 company serving more than 400,000 business and educational locations nationwide. After Heartland recovered from its 2008 data breach, Carr developed "The Merchant Bill of Rights," an advocacy plan designed to educate merchants on the importance of transparency in payments processing. Carr also is the founder of the Give Something Back Foundation, which provides financial support to college students. In 2014, Carr wrote "Through the Fires: An American Business Story of Turbulence, Triumph and Giving Back."


About the Author

Tracy Kitten

Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 18 years' experience, Kitten has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.



