When Google this month fired a programmer for using the search giant’s database to investigate an intriguing teenager, it showed that even the most sophisticated and respected technology brands can have a trusted employee go rogue. This lesson should not be lost on retail executives, who may rely on several third-party service providers to process or analyze their payments.
Heartland Payment Systems has agreed to pay $5 million to Discover to settle claims arising from the massive data breach disclosed by the payment processor last year.
In a brief statement on Wednesday, the Princeton, N.J.-based Heartland said the settlement “resolves all issues” between the two companies stemming from the intrusion.
The payment system at a number of properties of HEI Hospitality – the hospitality operator that runs over 30 upscale hotels across the U.S. under brand names such as Marriott, Hilton, Sheraton and others – has been breached and card data of some 3,400 customers has been compromised, says Databreaches.net.

| Records | Date | Organizations |
|---|---|---|
| 130,000,000 | 2009-01-20 | Heartland Payment Systems, Tower Federal Credit Union, Beverly National Bank |
| 94,000,000 | 2007-01-17 | TJX Companies Inc. |
| 90,000,000 | 1984-06-01 | TRW, Sears Roebuck |
| 76,000,000 | 2009-10-05 | National Archives and Records Administration |
| 40,000,000 | 2005-06-19 | CardSystems, Visa, MasterCard, American Express |
| 26,500,000 | 2006-05-22 | U.S. Department of Veterans Affairs |
| 25,000,000 | 2007-11-20 | HM Revenue and Customs, TNT |
| 17,000,000 | 2008-10-06 | T-Mobile, Deutsche Telekom |
| 16,000,000 | 1986-11-01 | Canada Revenue Agency |
| 12,500,000 | 2008-03-26 | LaSalle Bank, BNY Mellon Shareowner Services, Archive Systems Inc, The Walt Disney Company, SYNOVUS |

Visa on Tuesday announced a set of security best practices for vendors of payment applications and for the systems integrators and resellers responsible for implementing and managing them.
The guidelines are designed to address continuing vulnerabilities in the payment chain stemming from insecure implementations of the applications that are used in credit and debit card transactions, according to Eduardo Perez, Visa’s head of global payment system security.
Visa today announced global industry best practices for payment application vendors, integrators and resellers that implement, install or manage payment-related systems on behalf of merchants. The best practices developed by Visa in collaboration with the SANS Institute are designed to complement the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS).
It’s going to be called the Payment Card Industry Data Security Standard 2.0, and the full-blown text of this upcoming standard that governs how businesses must guard sensitive cardholder information on their networks will be out at the beginning of September, according to the organization in charge of it.
Many orders still flow through this payment channel and, as is the case with all cardholder data, it must be secured, handled in compliance with the PCI DSS
The huge growth in the payment of goods or services over the internet, or by phone or mail, is responsible for the loss by merchants of about $89 million last year through fraud when credit cards used in a business transaction are not seen by the seller.
This week Visa Inc. said it’s going to reduce unnecessary storage of sensitive card information in merchant payment systems. Specifically, Visa is clarifying that existing operating regulations ensure acquirers and issuers allow merchants to present a truncated, disguised or masked card number on a transaction receipt for dispute resolution in place of the full 16-digit card number.
“By reducing the amount of vulnerable data in merchant systems that must be protected from compromise, merchants can see greater security as well as more streamlined compliance needs,” said Visa’s Eduardo Perez, head of global payment system security, in a statement.