Heartland Payment Systems: Lessons Learned from a Data Breach
Julia S. Cheney
Federal Reserve Bank of Philadelphia
January 1, 2010
FRB of Philadelphia - Payment Cards Center Discussion Paper No. 10-1
On August 13, 2009, the Payment Cards Center hosted a workshop examining the changing nature of data security in consumer electronic payments. The center invited the chairman and CEO of Heartland Payment Systems (HPS or Heartland), Robert (Bob) Carr, to lead this discussion and to share his experiences stemming from the data breach at his company in late 2008 and, as important, to discuss lessons learned as a result of this event. The former director of the Payment Cards Center, Peter Burns, who is acting as a senior payments advisor to HPS, also joined the discussion to outline Heartland?s post-breach efforts aimed at improving information sharing and data security within the consumer payments industry. In conclusion, Carr introduced several technology solutions that are under discussion in payment security circles as ways to better secure payment card data as they move among the different parties in the card payment systems: end-to-end encryption, tokenization, and chip technology. While HPS has been very supportive of end-to-end encryption, each of these alternatives offers its own set of advantages and disadvantages.
Number of Pages in PDF File: 20working papers series
Date posted: January 23, 2010
© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo5 in 0.406 seconds