How Heartland Payments Is Securing Its Future
VIDEO: Bob Carr, CEO of Heartland Payments, discusses the lessons he learned from his company's major data breach and why he's optimistic about the future.Robert (Bob) Carr knows firsthand what it's like to be the victim of a data breach. Carr is the CEO of payment processor Heartland, which was breached in 2008. Since then, Carr has been on a mission to remake payment security as robust as possible and do whatever is necessary to reduce the risk of future breaches. In a video interview with eWEEK, Carr discusses the lessons learned from his company's breach and what Heartland is doing now to help make the payment ecosystem more secure. Carr said that attackers have figured out how to get into integrated payment systems, which is why it's important to have a more discrete and separated approach today. He also noted that the Payment Card Industry Data Security Standard (PCI DSS) is a difficult regimen to comply with, even for the most sophisticated organizations. What Heartland is doing now is providing merchants with a separate technology that interfaces with point-of-sale (POS) systems. Carr explained that when a sale is begun, the tender amount is sent to Heartland, which takes the tender amount and gets the authorization, captures the transaction and sends the receipt information back to the POS. The entire process is encrypted from end to end to protect card-holder data.
"We encrypt the transaction at the point of interaction with the consumer," Carr said. "It comes to us encrypted. We send back a token, and so if the bad guys get into the system, there is no usable data and that completely discourages the bad guys."