Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The United States' fourth largest credit card payments processing company Heartland Payment Systems has agreed to pay a US$5 million ($5.4 million) settlement to its financial services customer Discover over a data breach caused by a malware infection.
Heartland processed card payments for Visa, Mastercard and other financial service providers to the tune of US$70 billion in 2009.
The payments processor had already paid American Express US$3.6 million over the same breach, while Visa agreed to cap its compensation demands to US$59.2 million.
In early 2008 malicious software infiltrated Heartland's payments system, which allowed attackers for several months to collect in-transit, unencrypted payment card data, according to Heartland's 2009 Securities and Exchange Securities filings.
"This settlement marks our final agreement with a card brand related to the intrusion," Bob Carr, Heartland's chairman and chief executive officer said Wednesday in a brief statement.
Heartland held a US$100 million reserve fund to compensate companies affected by the breach.
Despite in-transit data not being required to be encrypted in 2008 under the Payment Card Industry's Data Security Standard (PCI-DSS), both Mastercard and Visa briefly removed the company from their list of compliant providers as a result of its system's compromise.
Heartland was not the only major payments processor to suffer an attack in 2008. A Russian hacker is facing charges in the US for allegedly breaking the Royal Bank of Scotland's encryption for its US payroll processing network, RBS WorldPay.
The hacker was alleged to have stolen US$9.4 million in the 2008 attack.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.