Heartland CEO Carr Reflects on Breach
Enterprises Must Improve Breach Detection, Adopt End-to-End Encryption
Bob Carr, founder and CEO of payments processor Heartland Payment Systems, which suffered a massive and historic data breach in 2008, says all organizations need to boost their efforts to detect and prevent breaches, especially through wider use of encryption.
In a video interview recorded at Information Security Media Group's recent 2015 Data Breach & Prevention Summit New York, Carr acknowledges that the processor made some initial missteps in dealing with the breach, which was caused by SQL injection.
"We knew when the breach happened ... and within hours we thought we had remediated it," he says. "That was our mistake ... The bad guys were in our system for six months before they figured out how to cross over into our payments network, which is when the disaster really occurred."
The breach ultimately exposed 130 million debit and credit cards and cost card issuing banks and credit unions about $500 million (see Heartland's Carr on U.S. Card Security Shortcomings).
One of the most significant steps Heartland took in the wake of the breach, Carr says, was to launch development of an encryption terminal for the payments industry. He argues that end-to-end encryption is essential to the fight against fraud.
In the interview, Carr also discusses:
- The reasons why Heartland quickly told customers and partners about the breach;
- The role of merchants in ensuring payments security;
- Why the U.S. migration to EMV will help reduce fraud risks.
Carr founded Heartland Payment Systems in 1997, building it from a 25-person startup to a Fortune 1000 company serving more than 400,000 business and educational locations nationwide. After Heartland recovered from its 2008 data breach, Carr developed "The Merchant Bill of Rights," an advocacy plan designed to educate merchants on the importance of transparency in payments processing. Carr also is the founder of the Give Something Back Foundation, which provides financial support to college students. In 2014, Carr wrote "Through the Fires: An American Business Story of Turbulence, Triumph and Giving Back."