The Field Report with Tom Field

At the Heart of the Data Breach(es)

At the Heart of the Data Breach(es)

OK, so how many payment processor data breaches are we talking about - one or two? That's been the big question we've been trying to sort out this week. And I'm not sure anyone knows definitively. If they do, they're not telling.

But I do know this: For anyone who wants to know exactly what the Heartland Payment Systems (HPY) data breach - or any such incident - really means, here's what I'll tell them. This is an excerpt from a note I received a couple of weeks back from a bank customer:

"I am just a customer with XXX bank here in the Midwest. And I just discovered today that $500 was taken out of my account yesterday. Someone charged $250 twice at a Macy's East in New York and attempted another $200 and it was refused. This is what the bank teller told me. They have cancelled my and my husband's debit cards and are working to get the $500 back.

"We are just plain, hardworking Midwesterners and are shocked and bewildered how this happened. We've never been to New York, and we never left the county yesterday! I had also been issued a new debit card about a month or so ago and had just stuck it in the safe because my other card was still fairly new, although they were two different numbers. The debit card number that was used never left the safe, so I'm pretty darn sure that it was compromised electronically and most likely with Heartland.

"The gal at the bank wasn't sure if Heartland was involved or not. I just wish I'd been notified to watch for this earlier. The bank teller alluded that there have been several other bank customers that have had strange charges, but I think it's just beginning to show up. I've been researching this whole breach thing on the net and wonder why the media hasn't really got involved with this. I've been doing my own notifying today via email telling friends and family members to check their debit/credit accounts for fraud.

"I'm not sure if I can be much help to you, but since my bank isn't on the list and I've definitely had some fraud done with my account, I thought I'd let you know.

"Thanks for at least letting me vent."

Well, thanks for taking the time to vent and to give us all a little bit of perspective.

Y'see, it doesn't matter whether the fraud referenced above was connected to Heartland or a payment-processor-to-be-named-later. It doesn't even matter so much how the fraud occurred and what the card-issuing bank did/did not do as a result of it.

All that matters is that a bank customer lost $500, doesn't understand why, and wonders what her bank is going to do about it.

To me, this just cuts to the heart of these data breaches. They aren't about encryption and hackers and intrusion detection systems. They're about trust, as banking always is, and they're about customers - people - having that trust violated.

There have been some great questions raised in the wake of the Heartland breach. What exactly happened? How did it happen? How many banks, credit unions and customers were affected? What can we do to prevent such breaches from occurring in the future?

But to me the ultimate question is: What are we going to do to regain our customers' trust?

I'd be curious to hear your answers.

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.