This is page 2 of:
Heartland Wants To Be The H&R Block Of Processors
The offer came to light this month after Heartland announced that it had conducted a test of its encryption pilot and that the test succeeded. (The news release hardly needed to mention that last part. You see many releases that discuss failed pilots?)
Steven Elefant, who is managing the end to end encryption project at Heartland, was making the point that Heartland had been worried about if the encryption might add too extensive a delay into the processing process. “Anything sub a second would be a reasonable time,” he said, adding that the delay at the trial—held at a local car wash near Heartland’s Plano, Texas, offices—was just shy of one-fifth of a second (“less than 200 milliseconds”).
Elefant also updated rough pricing that had been released by Heartland CEO Robert Carr back in May. Elefant estimated that the per-unit pricing would be “less than $500.” When told that his boss had said the units would cost $100 to $300, Elefant initially denied that Carr would have ever said such a thing. Heartland spokesperson Jason Maloni—who was on the call—then told Elefant that he had been on the Carr interview call and that the CEO had indeed said it. Elefant said that it was likely out of context. (Readers can determine for themselves. The discussion with Carr was recorded as part of an audiocast package.)
But Elefant then added: “If you get breached or hacked, we will pay your fines and fees.” Asked why the offer didn’t go farther, Elefant said that was likely not necessary. For a small merchant, he said, it’s the fines and fees that are the huge worry, as such local retailers rarely have deep enough pockets to attract lawsuits. For large chains, insurance and in-house lawyers—coupled with existing retainer deals—make the legal costs fairly well contained leaving, again, the fines and fees as the most frightening variable.
It’s a sound rationale, but there’s also the reasonability factor. How much is it reasonable for a payment processor to absorb? That’s especially germane when no one else is—thus far—offering much of anything in terms of guarantees.
The implied point, though, is that a so-called end-to-end encryption strategy—regardless of what form it takes—will go quite far in taking the merchant out of the data-protection business. Just like the homeowner analogy, this type of encryption will certainly not make a retailer immune to penetration. But it could easily make them a less inviting target. For now, though, that’s probably enough to get some attention.
-Marc
July 8th, 2009 at 9:06 am
It is amusing that a company that cannot guarantee its own security can claim to protect and guarantee the lack of a breach for others.
July 9th, 2009 at 7:48 am
Are these the same upfront and honest folks that announced their breach to the country on January 20, 2009, during the presidential inauguration ? Oh and their Chairman just happened to sell roughly 15 million dollars worth of Heartland stock while all this was going on. Must all just be a giant coincidence. I however would rather not do business with any company like Heartland Payment Systems.
July 19th, 2009 at 6:14 pm
Indeed, Phan and Jack who commented previously on the folly of Heartland’s attempts are correct in their viewpoints. It it utterly amusing, ironic and borderline shameful that a company who has suffered arguably the worst data breach in the history of commerce is deciding to protect and guarantee a breach of any kind. “Dear Mr. Heartland. This is ridicules.”