An immense data security breach has purportedly compromised tens of millions of credit cards and debit cards, fostering concern and worry among customers who patronize merchants who use Heartland’s processing system. Merchants, too, are extremely anxious about offering a platform where data security has been rendered vulnerable. Of course, Heartland Payment Systems has also spiraled downward since the company reported the breach, receiving acerbic attacks from its perceived irresponsibility to its timing of the disclosure. (Heartland announced the details of the data breach on the day of Barack Obama’s presidential inauguration.)
President and chief financial officer of Heartland, Robert H.B. Baldwin Jr., reported that malicious software was discovered in its processing system, enabling data to be pilfered as it crossed Heartland’s network. The Princeton, NJ based company was initially alerted by Visa and MasterCard about “suspicious activity” pertaining to processed cards, and during the week of January 12th, made the unsettling discovery that widespread fraud had transpired the year before.
According to Heartland, they acted immediately, contacting the federal authorities and hiring forensics teams to uncover the source of the data breach in the important quest to find the parties responsible. The company continues to communicate with its massive client base (over 250,000 US businesses process with Heartland Payment Systems), providing information about the data breach and reassuring merchants that the company is taking proactive steps to prevent a future occurrence (e.g., devising a program to flag network anomalies).
To its credit, Heartland has created the following site to provide further enlightenment on the breach and its aftermath: http://www.2008breach.com. But despite Heartland’s assertion that it maintains a stance of full transparency regarding this issue, many customers and merchants assert that Heartland is just performing exercises in “damage control.”
Indeed, this is a public relations nightmare experienced by Heartland. Merchant account providers need to provide reassurance to merchants and their customers that all networks are secure, and that credit card data is safe. It is difficult to speculate how many merchants may leave Heartland as a result of this breach, or how many merchants may now refrain from opening accounts with Heartland.
Moreover, the company is likely to face stiff fines and penalties due to its ostensible transgression. Card-issuing banks may further exact a financial toll on Heartland Payment Systems as they may bill for their costs in closing and reopening customers’ accounts. (This is especially likely as banks are experiencing their own financial woes, more averse than ever to paying for someone else’s tab.)
While Heartland tries to navigate through this difficult challenge, affected cardholders must also do their best to mitigate against any potential impact. As always, statements must be dissected and unauthorized transactions must immediately be reported to card-issuing banks.
Many customers who prefer to err on the side of caution are opting to get new credit cards, discarding old ones that perhaps have been compromised. Those who demand further credit or identity theft protection will not be obliged by Heartland. The company declares that such protection is not warranted because no Social Security numbers, or unencrypted PINs, addresses, or telephone numbers were exposed.
However, the amount of data compromised and the extent and way it has been used remains unknown. As Heartland Payment System processes over 100 million transaction per month, the potential of this data breech is enormous. It is being compared to past data security lapses sustained by TJX (TJ Max) or CardSystems Solutions.
Needless to say, customers, merchants, and affected companies, all suffer when the integrity of data becomes compromised. It is difficult to place a total dollar figure on losses incurred by all parties, as fraud expands and escalates as a result. Our own collective intangible feelings about our systems of commerce become tainted as well.
Consequently, all companies who are trusted data custodians must strive for perfection. Indeed, there is NO room for error.
_____________________________________________________
To learn more about our merchant services, please visit http://www.intell-collect.com
