Feb

17

Update: First Arrests in Heartland Case

Posted by Keith McMillan

February 17, 2009 | Leave a Comment

It seems that if you steal enough credit cards, then you might actually get arrested.  Last week I posted about the Heartland Payment Systems case, and today, Computerworld is reporting that the first arrests have happened in the case.  This to me is remarkably swift justice.

The Leon County, Florida Sheriff’s office earlier this week announced the arrests of three area residents — Tony Acreus, Jeremy Frazier and Timothy Johns — for allegedly using stolen credit card numbers associated with the breach.

I was just reviewing some of the Payment Card Industry Data Security Standard information today, and was struck by the requirement to encrypt data when it was in transit. According to all the information I’ve seen so far, this breach happened because someone managed to get a network sniffer in place, and capture transaction data.  I may be missing the point, but how were they able to read the traffic if it was encrypted?  Did they have the keys, or was Heartland playing fast and loose with the DSS?  I don’t understand enough about either the facts in the case, or the DSS to say if this is reasonable or not, but it sure seems like someone at Heartland could be in a world of trouble.


Comments

RSS feed | Trackback URI

Comments »

No comments yet.

Name (required)
E-mail (required - never shown publicly)
URI
Your Comment (smaller size | larger size)
You may use <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> in your comment.

Blogroll