Heartland Payment Systems: Lessons Learned from a Data Breach

20 Pages Posted: 23 Jan 2010

See all articles by Julia S. Cheney

Julia S. Cheney

Federal Reserve Bank of Philadelphia

Date Written: January 1, 2010

Abstract

On August 13, 2009, the Payment Cards Center hosted a workshop examining the changing nature of data security in consumer electronic payments. The center invited the chairman and CEO of Heartland Payment Systems (HPS or Heartland), Robert (Bob) Carr, to lead this discussion and to share his experiences stemming from the data breach at his company in late 2008 and, as important, to discuss lessons learned as a result of this event. The former director of the Payment Cards Center, Peter Burns, who is acting as a senior payments advisor to HPS, also joined the discussion to outline Heartland?s post-breach efforts aimed at improving information sharing and data security within the consumer payments industry. In conclusion, Carr introduced several technology solutions that are under discussion in payment security circles as ways to better secure payment card data as they move among the different parties in the card payment systems: end-to-end encryption, tokenization, and chip technology. While HPS has been very supportive of end-to-end encryption, each of these alternatives offers its own set of advantages and disadvantages.

Suggested Citation

Cheney, Julia S., Heartland Payment Systems: Lessons Learned from a Data Breach (January 1, 2010). FRB of Philadelphia - Payment Cards Center Discussion Paper No. 10-1, Available at SSRN: https://ssrn.com/abstract=1540143 or http://dx.doi.org/10.2139/ssrn.1540143

Julia S. Cheney (Contact Author)

Federal Reserve Bank of Philadelphia ( email )

Ten Independence Mall
Philadelphia, PA 19106-1574
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
1,063
Abstract Views
3,351
Rank
41,229
PlumX Metrics