Data Encryption: Heartland Payment Systems Offers End To End Encryption.

Could encryption turn out to be Heartland Payment Systems’ competitive advantage?  It would be a nice twist to all the negative press the payment processor received early last year, when HPS became the focus of the largest data breach in US history.

I’ve previously blogged about it here, here, and here, in the latter arguing for a distinction between transaction records and accounts/people.

(Nearly two years later, I still cannot find how many people were actually affected.  All numbers seem to point to 130 million, which I’ll use, but that was initially revealed as the number of transaction records over three months.)

130,000,000 Records Compromised

When you think of it, the breach was not as devastating as it could have been.  Approximately 130 million records were compromised, the largest in US history so far, but it was only credit card information.  Imagine if that had been a database full of Social Security numbers: it would have amounted to one third of the US population; at least, per the 2009 US Census.

One in three Americans’ SSN in the hands of an organized mob; can you imagine how much worse it could have gotten?

Lots of Controversy, Finger-pointing

As can be expected from the largest-anything-negative situation, there was a lot of finger-pointing on who was to blame.  Since HPS’s database had been breached, many blamed HPS.  The company, in turn, blamed their PCI auditor, which opened another can of worms (i.e., can PCI be relied upon?  Is it effective?  Is PCI meant to afford full protection from all breaches?  The answer to that last one is “no,” by the way.)

HPS stuck to its story, and soon began espousing the need for end-to-end encryption.  Based on the many data breach stories I’ve been reading lately, where credit card information is routinely being stolen from point-of-sale terminals and computers, HPS might be on to something.

Offering End-to-End Encryption

Actually, Heartland Payment Systems did more than stick to its story: it started offering end-to-end encryption for their point-of-sale terminals in May (5,000 merchants are currently using it), and will also offer a device called the “E3 magnetic stripe reader wedge.”

The use of encryption to protect data is a no-brainer.  For example, banks deploy disk data encryption software to secure sensitive information in their employees’ laptop computers.  And, cloud-based encryption like AlertBoot makes it easy to deploy encryption across thousands of computers in one go.  Governments the world over use encryption to secure their communication channels.  On-line banking needs encryption; it wouldn’t work otherwise, since the internet is an open medium, and technically anyone can read information passing through their networks.

As far as I know, HPS is the only major player when it comes to end-to-end encryption for point of sale systems.  In the great tradition of innovators and cunning industrialists, the company may have turned risk into opportunity.
