Robert Carr, CEO of Heartland Payment Systems, blamed his company's possibly record breaking card security breach that it revealed in January on the firms the company hired to audit its compliance with card data security standards. In an interview with Computerworld magazine (, Carr expressed shock that not only had the firm's tasked with auditing Heartland's compliance with industry data standards failed to detect its potential vulnerabilities, they had been ignorant that thieves had been widely using a similar approach prior to attacking Heartland. "The audits done by our QSAs [qualified security assessors] were of no value whatsoever," Carr told the magazine. "To the extent that they were telling us we were secure beforehand, that we were PCI compliant, was a major problem. The QSAs in our shop didn't even know this was a common attack vector being used against other companies. We learned that 300 other companies had been attacked by the same malware. I thought, 'You've got to be kidding me.' That people would know the exact attack vector and not tell major players in the industry is unthinkable to me. I still can't reconcile that."

Complete your profile to continue reading and get FREE access to, part of your ALM digital membership.

  • Critical information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including and

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.