Heartland Says It Accelerates Development of End-to-End Encryption
Heartland Payment Systems has announced that "it has formed an internal department dedicated exclusively to the development of end-to-end encryption to protect merchant and consumer data used in financial transactions. For the past year, Robert O. Carr, Heartland's chairman and chief executive officer, has been advocating for payments industry adoption of this technology - which will protect data at rest as well as data in motion - as an improvement for payment transaction security."
Carr stated, "PCI is a good and effective standard, but the bad guys have become more sophisticated to the point where encryption of data in motion appears to be one of the next required steps. There is no single silver bullet that will secure payment systems, and constant vigilance and monitoring of the infrastructure will always be required. Nevertheless, I believe the development and deployment of end-to-end encryption will provide us the ability to implement increasing levels of security protection as they become needed.
"Heartland has been working on the development of end-to-end encryption, but in light of our recent data breach and the impact cyber fraud has had on the public and processors nationwide, we are ramping up our efforts," Carr continued. "To do this, we are forming a dedicated internal department and have named Steven M. Elefant, a well-known expert in point-of-sale payments, executive director."
Elefant is a member of the US Secret Service Electronic Crimes Task Force and Infragard, a public/private partnership of the Federal Bureau of Investigation. He is the co-founder and former chief executive officer of ICVerify Inc. ICVerify became the leader in payment processing integration of PC-based point-of-sale software. In 1998, Elefant merged ICVerify with CyberCash Inc. to form an Internet service provider for electronic commerce.
Recently, Elefant has been involved in numerous technical ventures in the payments and venture capital industries. His breadth of experience spans a wide spectrum including merchant and consumer services for online consumer auctions and ASP services for merchandise and payments management.
"Late last year, Steve began a consulting project to help us define a business model for bringing Software as a Service (SaaS) applications to our merchant base," Carr noted. "Now, as a Heartland employee, he will focus on the first leg of end-to-end encryption - getting encrypted data from the point of swipe/entry at the merchant to our switch so malware cannot steal data in motion. The internal network encryption infrastructure will be handled by a combination of new and existing IT professionals under Steve's direction."
Elefant said, "I have known Bob Carr for more than 20 years. We gained respect for one another as competitors in the late '80s and '90s, and I believe Heartland's desire to bring end-to-end encryption to market and work with other processors to share information about cyber crime incidents are significant steps for our industry."
Good Luck in making this happen.
Posted by: Dennis Freiburg | January 27, 2009 at 01:27 PM
I'm not exactly sure why Heartland would try to tackle this problem. There are already vendors like nuBridges in the market that offer encryption products for data at rest and data in motion.
Posted by: JGM | January 28, 2009 at 06:12 PM