More information on the Heartland breach
Here’s another article on the Heartland breach - this one from the NYT. It’s interesting as Heartland’s founder gave a presentation at the VeriFone payments conference in the fall pushing for some of the end-to-end encryption technology that companies (like VeriFone) are starting to implement.
I wonder if that solution would have successfully addressed this attack.
It is interesting how, at the end of this article, they start to call into question the effectiveness of the whole PCI effort. Now, if you have read anything that I’ve put up on this blog, you’ll know that I certainly do not consider PCI the final word in security for retailers or processors. It’s really the base starting point, but the standard itself (and its enforcement) has done some significant good by forcing companies to take some basic steps towards securing their credit card information.
The fact that breaches are still occurring really isn’t that surprising - the bad guys are pretty smart and they get better as the security improves. It’s an arms race… The fact that these types of breaches aren’t happening more often is actually somewhat surprising given the lack of effort that many of these organizations had made over the years toward keeping their environments secure.
Anyway, I’m getting off-topic. It’s a short article and they mention the Heartland breach website - link - but there isn’t much information there at the moment.
Credit Card Processor Says Some Data Was Stolen - NYTimes.com.









