The Green Sheet Online Edition

April 27, 2009  •  Issue 09:04:02


Slaying the breach elephant

To share information about data breaches and prevent cyber criminals' continued attacks on the payments industry, Heartland Payment Systems Inc. founder, Chairman and Chief Executive Officer Robert O. Carr extended an invitation to the top 25 merchant acquirers and their registered third-party processors to attend the inaugural meeting of the Payments Processor Information Sharing Council on May 5, 2009, from 1:30 to 5 p.m., in St. Pete Beach, Fla.

After Heartland revealed in January 2009 that it had been the victim of a security breach, Carr wanted to know whether similar breaches had occurred at other processors, and if such breaches had occurred, why Heartland and other potentially vulnerable processors had not been informed so they could have protected their cardholder data from the same type of intrusion.

"We now know that exactly what happened to us has happened to other people in the past," Carr said. "And we thought we should form an organization of processors to let them know what the bad guys are doing so they can't pick us off one by one."

Sharing is imperative

The PPISC's meeting in May is being held in conjunction with the Financial Services Information Sharing and Analysis Center's member meeting and conference.

The FS-ISAC is a nonprofit organization dedicated to sharing information among its members, the government and other infrastructure sectors such as telecommunication and utility companies. All parties receive alerts concerning cyber and physical threats as well as vulnerabilities and incidents of concern.

"I checked out the FS-ISAC, and everyone that knew them said they were a great organization and had already set up all the infrastructure to do this on a private and confidential basis," Carr said.

"The Secret Service and the FBI are also members. So I talked to Bill Nelson, their Executive Director, and we agreed the best thing to do was to set up a division of the FS-ISAC specifically for the payments industry, and that's how the PPISC got its start."

Three options dominate

Carr said three categories of alternatives for improving security standards will be addressed at the meeting: tokenization, end-to-end encryption, and chip and PIN.

"There may be other categories, but most of what people are talking about and concerned with fit into one of these three areas," Carr said. "And in my view all three of those should be approved as higher standards, and then let the merchants decide what they want to use."

About 20 merchant acquirers and third-party processors are registered for the event. However, some of the people Carr contacted have not replied. "Sometimes we just don't know who to contact, so if The Green Sheet could help get the word out, I feel like this will encourage the right people to say, 'Hey, I should be there,'" Carr said.

Contact is welcome

In addition to a detailed forensic analysis of the Heartland attack and discussion of the detrimental effect of breaches on financial institutions, the meeting will identify goals for the PPISC and schedule future meetings.

"Now that acquirers and processors understand the purpose of this meeting, they can just send me an e-mail personally saying that they should be there, and I'll just deal with them directly about getting registered," Carr said. If you are an invitee or major third-party processor interested in attending, contact Carr at The meeting will take place at the Don CeSar Beach Resort; a reception and dinner will follow.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
