[IMGCAP(1)]

Heartland Payment Systems Inc., the merchant processor that last week announced hackers captured an untold amount of transaction data in a network breach in 2008 (CardLine, 1/20), has hired Steven M. Elefant as an executive director of a department in charge of developing encryption measures. He will oversee Heartland's work to encrypt sensitive payment data throughout the entire transaction process. Late last week, Robert O. Carr, chairman and CEO of the Princeton, N.J.-based processor, called on the industry to adopt measures that encrypt payment data throughout the transaction process (CardLine, 1/23). Currently, payment data may enter the transaction loop connecting the merchant to the processor encrypted, but the information eventually must be decrypted, thereby making it vulnerable. Fraudsters are zeroing in on "data-in-transit" thefts because Payment Card Industry data-security efforts increasingly push merchants away from storing data, reducing the possibility thieves will seek stored data, says Trustwave, a Chicago-based payment-security company (CardLine, 12/19/08). PCI standards are "good and effective, … but the bad guys have become more sophisticated to the point where encryption of data in motion appears to be one of the next required steps," Carr says in a statement. The first task for Elefant, a member of the U.S. Secret Service Electronic Crimes Task Force, is to work on getting encrypted card data from the point of sale to Heartland's switch so crooks cannot use the information they capture with malicious software.

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry