Heartland CEO Blames Breach On PCI Auditors
Robert Carr, CEO of Heartland Payment Systems, blamed his company's possibly record-breaking card security breach, which it revealed in January, on the firms the company hired to audit its compliance with card data security standards. In an interview with Computerworld magazine (www.computerworld.com), Carr expressed shock that the firms tasked with auditing Heartland's compliance with industry data standards had not only failed to detect its potential vulnerabilities but had also been unaware that thieves had been widely using a similar approach prior to attacking Heartland. "The audits done by our QSAs [qualified security assessors] were of no value whatsoever," Carr told the magazine. "To the extent that they were telling us we were secure beforehand, that we were PCI compliant, was a major problem. The QSAs in our shop didn't even know this was a common attack vector being used against other companies. We learned that 300 other companies had been attacked by the same malware. I thought, 'You've got to be kidding me.' That people would know the exact attack vector and not tell major players in the industry is unthinkable to me. I still can't reconcile that."