Wednesday, February 25, 2009

Heartland CEO: PCI Certification Sucks

"Heartland Payment Systems' top executives on Tuesday shed more light on the firm's massive data breach, and said that Heartland would fight ensuing lawsuits stemming from the incident.

"In an earnings call, the transcript of which has been posted online as well as summarized in the firm's fourth quarter 2008 financial report, Heartland chairman and CEO Bob Carr said the malware that infected the firm's systems could read and collect unencrypted data in motion, and that the attackers may have been able to `trade` from its network some of the data that was accessed.

"`Keep in mind that Heartland passed its PCI certification last April, and assessors are currently on-site for 2009 certification, which we are targeting to begin to complete by the end of April. In that regard, throughout the potential period of the breach, Heartland did have antivirus software installed on its payment processing network,` Carr said."

More at DarkReading...

No comments: