Accounts likely safe despite Heartland security breach, officials say

Payment processor CEO calls for increased safety standards

Published: January 28, 2009
By Jennifer Fiala
Customers that contract with Heartland Payment Systems to process retail and online payments likely are protected from a security breach that some rank as one the largest recorded in history.

That comes from an insider at New Jersey-based Heartland, who explains that while hackers might have gleaned the credit card numbers of thousands of cardholders, they did not get the names, addresses and CVV (card verification value) numbers that accompany the cards and are required to complete most transactions.

Heartland serves many small businesses, including an undisclosed number of veterinary practices as well as the Veterinary Information Network (VIN).

“We’ve been in close contact with Heartland to ensure we were doing all we could and giving VINners the most accurate information available. Everything we’ve learned gives us confidence that the risk to VIN members and to their clients, if they use Heartland as the processor for their clinic, is very low,” VIN founder Dr. Paul Pion says. “Although Heartland has communicated to us that VISA and MasterCard have told them that because the information 'stolen' was incomplete, notification of cardholders is not necessary, our advise to VINners, as always, is to keep a close eye on your credit card statements — and please don't hesitate to notify VIN if anything suspicious appears. We will inform all VIN members if any new information arises that changes our assessment of this situation.”

In a news release issued yesterday, Heartland announced it has formed an internal department dedicated to developing additional protection measures for clients. Last Friday, company founder and chief executive officer Robert Carr noted that other merchant data such as social security numbers, unencrypted personal identification numbers and telephone numbers remain protected.

Carr characterizes the breach, covered last week by The VIN News Service, as a “global cyber-fraud operation.” The company reportedly is working with the forensic auditors and the U.S. Secret Service, which investigates payment and financial systems fraud.

Officials say Visa and MasterCard alerted Heartland in late 2008 of “suspicious activity” related to transactions at merchants that contracted with the company to process payments. They discovered that “malicious software” had compromised data that crossed Heartland’s network.

“We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands,” explains Robert H.B. Baldwin, Jr., Heartland’s chief financial officer and president in a Jan. 20 statement.

Since then, CEO Carr has put a call out for industry adoption of improved safety standards for payment security such as end-to-end encryption, a technology in development that offers additional data protection.

VIN News Service commentaries are opinion pieces presenting insights, personal experiences and/or perspectives on topical issues by members of the veterinary community. To submit a commentary for consideration, email news@vin.com.

Information and opinions expressed in letters to the editor are those of the author and are independent of the VIN News Service. Letters may be edited for style. We do not verify their content for accuracy.


 
SAID=27