Another Processor Breach: say it isn’t so

I have heard from many of the folk I interact with frequently (security folk, payments folk, developer folk, other folk) regarding the newly rumoured processor breach.

Many have asked if I have any information…or know something that others may not. Quite simply, no. I don’t sit on any task forces or interact with folk that would share that sort of information in a way that I could communicate.

So, like many, I rely on other sources to obtain my information. Chief among them is what I consider the best site regarding breach situations in general: The Office of Inadequate Security. My hope is that, as they postulate in a post entitled: Sifting Through The Tea Leaves, the issue is an expansion of an extant breach rather than a new breach.

Continuing on my last post…from entirely too long ago…I thought I’d give you a bit of my personal experience with the current outcome of the Heartland breach.

3 of my personal credit (or debit) cards have been replaced.
My wife’s debit card has been replaced.

Why so many? I happen to know, and this time it is “inside” information, that a place I frequent when traveling utilizes/d Heartland for their payment processing.

But what does it mean to me? Quite simply, a giant pain in my bum.

1 of the cards was limited to a $100 maximum transaction for the 2 weeks it took for replacement. Another card, that has a PIN associated, arrived several days before the cancellation. Unfortunately, the PIN arrived several days following cancellation. It is fortunate that I live a fairly cash-free existence.

I’ve spent several hours explaining the situation…in decidedly non-technical terms…to friends and acquaintances. Interestingly, even though the information they received from their bank/credit union/issuer indicated a breach of another provider, they all blamed the person sending them the letter. Several, in fact, have gone through the motions of changing their banking relationship as a result. Short of drawing them detailed technical diagrammes and transaction flows, I had no clear method of explaining that flaw in logic.

Personally…hugely annoying.

Professionally…not all that dissimilar.

What’s your perspective? Agree? Disagree? Anything to add? Critiques? The comment form is below. . .

February 27, 2009
