January 22, 2009

The Highest Standards - The Most Trusted Transactions, NOT!

Blogger: Gerry Gebel

"The Highest Standards - The Most Trusted Transactions" That's the slogan on Heartland Payment Systems web site, which is obviously off the mark based on reporting that a massive security breach has resulted because of malware code installed somewhere on their network. The exact extent of the breach is unknown at this time, but the potential numbers are staggering. Heartland processes credit card transactions for 250,000 US merchant locations which amounts to some 100 million transactions per month and 4 billion annually. The malware skimmed the information found on credit card magnetic stripes - card number, cardholder name, and expiration dates - as the data was transmitted from merchants to Heartland's systems.

Heartland's president and CFO, Robert Baldwin, made comments in another article that are unsettling to say the least: "In this case, the amount of information we know they did not get is long enough that except in very circumscribed cases identity theft is just not possible," said Baldwin. Based on this assessment, Heartland will not attempt to notify potential breach victims - even if it could identify all of them. It's great that Mr. Baldwin is so confident, but the reality is that a little searching and persistence will connect the Heartland identity "dots" with other pieces of readily available data. To quote my colleague, Kevin Kampman, "The problem here is that little pieces fit together nicely with others, enabling sophisticated thieves to assemble data from seemingly unrelated sources in order to accomplish wider ranging compromises. In their case, every little bit helps. There’s no sense in feeding them more."

Unfortunately, this latest breach highlights the continued vulnerability of our personal data as it transits a myriad of locations and handlers for the purpose of completing seemingly routine transactions. 2009 is not off to a good start, as chronicled by the Privacy Rights Clearinghouse - which doesn't yet include the Heartland incident. Will 2009 be the year when this trend is reversed? So far, the answer is "No"

Posted by at 11:37 AM in Gerry Gebel, identity theft and fraud, privacy | | Comments (0) | TrackBack (0)

|

January 15, 2009

Kerberos interop event hosted by Microsoft!

Blogger: Gerry Gebel

At Burton Group we are big fans of interoperability events so it was great to see that the MIT Kerberos Consortium announced it will host an interoperability event this March 30 to April 3 at Microsoft's offices in Redmond. Kerberos is a key element to many organizations' single sign-on strategy, providing standards-based mechanisms that are supported by many platforms and applications. It will be very interesting to see who participates, what the testing scenarios are, and how the results turn out.

Posted by at 02:31 PM in authentication, Gerry Gebel, interoperability | | Comments (0) | TrackBack (0)

|

  • Burton Group Free Resources Stay Connected Stay Connected Stay Connected Stay Connected

Categories



Archives

More...

About

Blog powered by TypePad