Another Processor Breach: say it isn’t so
I have heard from many of the folk I interact with frequently (security folk, payments folk, developer folk, other folk) regarding the newly rumoured processor breach.
Many have asked if I have any information…or know something that others may not. Quite simply, no. I don’t sit on any task forces or interact with folk that would share that sort of information in a way that I could communicate.
So, like many, I rely on other sources to obtain my information. Chief among them is what I consider the best site regarding breach situations in general: The Office of Inadequate Security. My hope is that, as they postulate in a post entitled: Sifting Through The Tea Leaves, the issue is an expansion of an extant breach rather than a new breach.
Continuing on my last post…from entirely too long ago…I thought I’d give you a bit of my personal experience with the current outcome of the Heartland breach.
3 of my personal credit (or debit) cards have been replaced.
My wife’s debit card has been replaced.
Why so many? I happen to know, and this time it is “inside” information, that a place I frequent when traveling utilizes/d Heartland for their payment processing.
But what does it mean to me? Quite simply, a giant pain in my bum.
1 of the cards was limited to a $100 maximum transaction for the 2 weeks it took for replacement. Another card, that has a PIN associated, arrived several days before the cancellation. Unfortunately, the PIN arrived several days following cancellation. It is fortunate that I live a fairly cash-free existence.
I’ve spent several hours explaining the situation…in decidedly non-technical terms…to friends and acquaintances. Interestingly, even though the information they received from their bank/credit union/issuer indicated a breach of another provider, they all blamed the person sending them the letter. Several, in fact, have gone through the motions of changing their banking relationship as a result. Short of drawing them detailed technical diagrammes and transaction flows, I had no clear method of explaining that flaw in logic.
Professionally…not all that dissimilar.
February 27, 2009