CUNA News Now: Heartland tests new encryption

News Now LiveWire

Most CUs will provide wage increases for at least some of their employees, according to CUNA's just-released Small CU Staff Salary Survey. 12 hours ago

St. L Post Dispatch on GAO report:Consumers may not benefit from altering Interchange system;would cut card competition. http://ow.ly/ETyX 13 hours ago

CUNA's Hampel: Consumer holiday spending will be up slightly from last year. See Tues NN. 17 hours ago

NCCUL and WOCCU met with Romanian CUs this week. The CUs are experiencing growth and want to increase their public relations efforts. 4 days ago

Kent Buckham has been named by NCUA as director of the newly created Office of Consumer Protection. The 7-person dept. launches in Jan. 4 days ago

Sign up; more tweets...

PRINCETON, N.J. (7/2/09)--Heartland Payment Systems, one of the nation's largest payments processors, successfully completed the first phase of its end-to-end encryption pilot project Monday in response to last year's data breach.

The company announced in January that its processing system was breached last year, compromising millions of credit cards and affecting credit unions and their members nationwide. Credit unions in Alabama, California, Florida, Louisiana and Texas have joined in class action lawsuits seeking damages related to the Heartland breach (News Now Jan. 21, March 2 and April 2).

The first step of the company's pilot involved transmitting live Advanced Encryption Standard (AES)-encrypted card transactions from a merchant to Heartland's processing platform. AES is the highest level of encryption and is on track to replace Data Encryption Standard (DES) and Triple DES as the desired standard for sensitive data, said Heartland (BusinessWire June 30).

To his knowledge, this is the first time encrypted transactions have been sent from a merchant's card reader to and through a major processor's payments network, said Robert O. Carr, Heartland chairman/CEO.

"[Monday's] transactions involved a Texas-based merchant and multiple credit card, prepaid and signature debit card transactions testing each of the major card brands," Carr said. "These cards were read by our newly developed pilot tamper-resistant security module (TRSM) terminal. The data was encrypted as the electronic digits left the magnetic stripe and entered the TRSM hardware device. The data was then successfully transmitted to and through our processing platform for authorization and settlement.

"Typically, cardholder data is unencrypted as it leaves a merchant's terminal and is not encrypted until it is either tokenized in a gateway or at rest in the processing platform's data warehouse," Carr continued. Cardholder data in transit is at risk of being compromised if cyber criminals or hackers use methods such as network or memory sniffer malware to get the data.

"To protect data throughout the life cycle of a credit, debit or prepaid card transaction, Heartland is developing end-to-end encryption technology we call E3 that is designed to encrypt the transaction from the card read through our network and ultimately through transmission to the card brands," he added.

Credit unions are still reissuing members' cards compromised in Heartland's data breach. For example, Omaha (Neb.) Police FCU is replacing 1,167 of its members' debit cards after being notified that the cards were among those compromised in the Heartland data breach (Omaha World-Herald June 30).



SEARCH Headlines Washington CU System Market Products & Services Consumer Print Today’s News Photo Gallery Videos Monthly Top 10 Archive Headlines via Email Enter your email address: text or HTML RSS Feed What is RSS? Contact News Now
	News Now LiveWire Most CUs will provide wage increases for at least some of their employees, according to CUNA's just-released Small CU Staff Salary Survey. 12 hours ago St. L Post Dispatch on GAO report:Consumers may not benefit from altering Interchange system;would cut card competition. http://ow.ly/ETyX 13 hours ago CUNA's Hampel: Consumer holiday spending will be up slightly from last year. See Tues NN. 17 hours ago NCCUL and WOCCU met with Romanian CUs this week. The CUs are experiencing growth and want to increase their public relations efforts. 4 days ago Kent Buckham has been named by NCUA as director of the newly created Office of Consumer Protection. The 7-person dept. launches in Jan. 4 days ago Sign up; more tweets... Heartland tests new encryption PRINCETON, N.J. (7/2/09)--Heartland Payment Systems, one of the nation's largest payments processors, successfully completed the first phase of its end-to-end encryption pilot project Monday in response to last year's data breach. The company announced in January that its processing system was breached last year, compromising millions of credit cards and affecting credit unions and their members nationwide. Credit unions in Alabama, California, Florida, Louisiana and Texas have joined in class action lawsuits seeking damages related to the Heartland breach (News Now Jan. 21, March 2 and April 2). The first step of the company's pilot involved transmitting live Advanced Encryption Standard (AES)-encrypted card transactions from a merchant to Heartland's processing platform. AES is the highest level of encryption and is on track to replace Data Encryption Standard (DES) and Triple DES as the desired standard for sensitive data, said Heartland (BusinessWire June 30). To his knowledge, this is the first time encrypted transactions have been sent from a merchant's card reader to and through a major processor's payments network, said Robert O. Carr, Heartland chairman/CEO. "[Monday's] transactions involved a Texas-based merchant and multiple credit card, prepaid and signature debit card transactions testing each of the major card brands," Carr said. "These cards were read by our newly developed pilot tamper-resistant security module (TRSM) terminal. The data was encrypted as the electronic digits left the magnetic stripe and entered the TRSM hardware device. The data was then successfully transmitted to and through our processing platform for authorization and settlement. "Typically, cardholder data is unencrypted as it leaves a merchant's terminal and is not encrypted until it is either tokenized in a gateway or at rest in the processing platform's data warehouse," Carr continued. Cardholder data in transit is at risk of being compromised if cyber criminals or hackers use methods such as network or memory sniffer malware to get the data. "To protect data throughout the life cycle of a credit, debit or prepaid card transaction, Heartland is developing end-to-end encryption technology we call E3 that is designed to encrypt the transaction from the card read through our network and ultimately through transmission to the card brands," he added. Credit unions are still reissuing members' cards compromised in Heartland's data breach. For example, Omaha (Neb.) Police FCU is replacing 1,167 of its members' debit cards after being notified that the cards were among those compromised in the Heartland data breach (Omaha World-Herald June 30). Resource Links Good Habits Protect Your Plastic Cards Against Fraud statement stuffer More CU/System
	Copyright © 2009 - Credit Union National Association, Inc.

More CU/System