Anon
4 months ago
in Payment Processor Breach: a stream of consciousness rant on reflections on emergent commerce and technology
I completely agree. I feel that the time has come to provide end to end encryption, which should at least protect against this type of attack.
PCI compliance is only a point in time compliance, so it could well have been that their systems were not compliant even one day after the auditing finished. It is really unfortunate.
I personally feel that the management handled the situation appallingly; they should have some sort of grilling from Visa, M/C and Amex. It was not handled the way you would expect and hope for, from a company that handles such sensitive data.
Good article and informed responses, far better to read and discuss than the usual "heartland should pay, death to heartland" lol
:)
4 months ago
in Payment Processor Breach: a stream of consciousness rant on reflections on emergent commerce and technology
I am going to add to this thread, and apologies for my comments being so late.
I have read a lot in the news about people branding Heartland as non PCI compliant, as lax in their security measures and generally some pretty hateful comments. I wonder how any of these people actually KNOW they are not compliant, or perhaps KNOW how many firewalls, IPS or IDS devices they have in their network.
It is very unfortunate that they were hacked, but as it has been correctly stated, the data was captured in flight, which has now presented a new issue to protect against.
Heartland, if found to be PCI compliant, really won't have done anything wrong; you can debate this but you will be debating the relevance of PCI compliancy :)
I hope the company makes it. If you have actually researched them, they do offer a fair deal to merchants, which in turn keep their prices down for me and you. Hackers are incredible these days, and it may well be the case that there is one who is better than the anti virus companies (wow, as if that hasn't happened before!!)
1 reply
9 months ago
in Mangia in Danvers Square! on The Salem News
....danvers is terrible? ...$500,000 ranch?
What are you talking about?
Danvers Square has some decent new restaurants and you slam the town for that? Moron.
2 replies
TheWeed
For once, he's right. Danvers is way over-priced, and the square is too congested, limited parking, and not attractive for visitors/tourists. I would much rather take an extra 10 minutes up 95 to visit Newburyport.
enricopalazzo
yes, $500,000 ranch houses. they're everywhere. it's insane.
the square is terrible. supreme's is ok. the pizza place next door is ok. the italian restaurant came and went. everything is just ok, not good, definitely not great.
and i slam the town for everything, not just restaurants.
9 months ago
in Short People on Daily Options Report
In one of the recent posts you mentioned that SPY goes ex-dividend this Friday. Could you please tell me where I could see the ex-dividend dates for ETFs like SPY, QQQQ, IWM etc?
Thanks a lot, love your blog!
10 months ago
in SocialMediaCamp: It’s all about you. on Yoono Blog
What happened with the photo contest? Is there a winner?
11 months ago
in Richards guilty of murder on Daily News of Newburyport
He's a big fat liar. She was practically a prisoner at her house and never left except to go to the store in the last year of her life! He's a weirdo psycho freak. And she was probably depressed because he was and always will be a nut job.
Heartland, as I stated in the original post, appears to have been considered as "compliant" by VISA at the time of the breach.
In terms of debating the relevance of PCI...You will probably notice a theme among my posts (both here and via twitter at http://twitter.com/tylerhannan) that PCI is not the "be all, end all" of compliance. It is not a goal. It should be treated as an outcome of a Risk Management strategy.
We won't know, quite possibly ever, the details of how they were breached...although we will get a fair picture as details come out. That, however, doesn't mean that it should cause all in the industry to pause and take assessment of their position on compliance, security, and risk management in general.
I know Heartland well. I know their pricing structure (from multiple perspectives). Their value to the payments world, in my opinion, has little to do with whether their risk approach was holistic. Was it a case of negligence or a case of the "black hats" beating proper security preventions? I suppose time will tell...
The theme, however, (at least from my perspective) is the situation should reinforce a measured and attentive review of security policies that anyone in the "processing" sphere chooses to implement.
Thanks for your thoughts. They are appreciated.