Post-breach, Heartland plans aggressive encryption project

06.05.2009
Heartland Payment Systems plans to protect its credit- and debit-card processing network with an end-to-end encryption system that it will begin rolling out with its merchants in the third quarter.

After acknowledging in January that it suffered a , Heartland today "is basically leading the way for the rest of the industry," says Gartner analyst Avivah Litan, noting that Heartland's plan for an end-to-end encryption system will be the first effort of its kind in the United States.

The system will be based on hardware and software that Heartland is spending millions of dollars to develop with help from soon-to-be-announced technology partners. Heartland has not yet publicly released the technical specifications.

Heartland processes about 100 million card transactions each month, and it's not yet clear exactly how much fraud was committed as a result of the breach, though Visa and MasterCard, as well as some banks, have indicated fraud can be traced back to the .  (Heartland may discuss the breach impact in more detail in its financial earnings call Thursday.)

"Sniffers were put on the network by bad guys," recalls Bob Carr, Heartland's chairman and CEO, describing how cyber-crooks were able to capture card information travelling in the clear between merchant point-of-sale devices and the processor's network.

Heartland's processing network is used by 175,000 merchant customers at 250,000 locations. Later this summer Heartland plans to have some merchants start using the specialized encryption equipment that it's developing. Heartland says it won't subsidize the cost of that gear, but would sell it close to cost. The long-term goal at Heartland is to require end-to-end encryption once the first trial period succeeds.