Heartland Payment Systems Case Study

In January 2009, Heartland Payment Systems announced that it had suffered a breach of its security systems the previous year. The breach compromised data from more than 130 million credit and debit card transactions. It was learned that transaction data was being transmitted unencrypted within the company's internal processing platform. The company was certified PCI DSS (Payment Card Industry Data Security Standard) compliant and had implemented all the required controls. However, compliance with the PCI DSS standard did not stop the breach.
Does compliance ensure security?
Compliance and security are two different things: being compliant is a byproduct of being secure, but the converse is not true. Compliance is the minimum requirement on the way to security. To become compliant, an organization completes a self-assessment questionnaire (SAQ) and a vulnerability scan. A large organization undergoes many changes, and a single system change can
Logging, monitoring, and tracking user activities can be used to detect and prevent unauthorized access. This is achieved by assigning each user a unique ID and logging every network access. All applications should be configured to generate audit trails and logs. The system time must be set correctly, and the logs must be reviewed at regular intervals. Anomalous behavior must be defined, and scripts that detect such behavior must be used to automate the review. Access to the network and to cardholder data should be tracked and monitored. PCI DSS compliance by third-party vendors has to be monitored as well. Anti-malware software must generate logs, and those logs must be monitored. Security controls such as firewalls, intrusion detection systems, file integrity monitoring, and access controls have to be monitored to ensure that they are operating effectively and as intended (Cheney,
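The monitoring controls described above, turned into a small detection script that runs over constructed audit-trail lines. This is an added example, not part of the case study; the log format, the approved-user list, and the thresholds are assumptions.

```python
"""Check constructed audit-trail lines for the anomalies the text names:
one user ID used from several hosts in a short window (shared credentials),
cardholder-data access by an account not approved for it, and a source
whose clock disagrees with the log collector's (system time not set)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail (not from any real system). Fields:
# collector receive time, source event time, source host, user ID, resource.
AUDIT_LOG = """\
2009-01-05T09:00:00 2009-01-05T09:00:01 pos-gw-01 u1042 cardholder_db
2009-01-05T09:02:00 2009-01-05T09:02:00 pos-gw-02 u1042 cardholder_db
2009-01-05T09:03:00 2009-01-05T08:31:00 batch-07 u2201 settlement_report
2009-01-05T09:04:00 2009-01-05T09:04:00 pos-gw-01 u3390 cardholder_db
"""

APPROVED_CHD_USERS = {"u1042"}           # assumed: IDs allowed to touch cardholder data
SHARED_ID_WINDOW = timedelta(minutes=5)  # assumed: same ID on 2+ hosts within 5 minutes
MAX_CLOCK_SKEW = timedelta(minutes=2)    # assumed tolerance between source and collector clocks


def parse(log_text):
    """Yield (receive_time, event_time, host, user, resource) per line."""
    for line in log_text.splitlines():
        recv, evt, host, user, resource = line.split()
        yield (datetime.fromisoformat(recv), datetime.fromisoformat(evt),
               host, user, resource)


def find_anomalies(log_text):
    """Return a sorted list of (rule, user, detail) findings."""
    findings = set()
    seen = defaultdict(list)  # user -> [(receive_time, host), ...]
    for recv, evt, host, user, resource in parse(log_text):
        # Rule 1: cardholder data touched by an ID outside the approved list.
        if resource == "cardholder_db" and user not in APPROVED_CHD_USERS:
            findings.add(("unapproved_chd_access", user, host))
        # Rule 2: source clock far from the collector's clock, so the log
        # cannot be correlated reliably.
        if abs(recv - evt) > MAX_CLOCK_SKEW:
            findings.add(("clock_skew", user, host))
        # Rule 3: the same unique ID active from different hosts close together.
        for prev_time, prev_host in seen[user]:
            if prev_host != host and recv - prev_time <= SHARED_ID_WINDOW:
                findings.add(("shared_user_id", user, f"{prev_host},{host}"))
        seen[user].append((recv, host))
    return sorted(findings)


if __name__ == "__main__":
    for rule, user, detail in find_anomalies(AUDIT_LOG):
        print(f"{rule:22} {user:6} {detail}")
```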
