as if heartland and carr don’t get me angry enough already…

Heartland can’t stay out of the news, nor can their CEO Robert Carr. Unfortunately this time the news deals with a new lawsuit that claims…well…check the excerpt below. Does this explain or at least put into perspective Carr’s newfound religion with regard to security? (To me, it actually convinces me he’s all hot air and I would only trust actual technical audit/pentest findings over whatever he claims reality to be; but that’s not much worse than I felt when the breach announcement broke…)

In a November 2008 earnings call, according to the complaint, Carr told analysts, “[We] also recognize the need to move beyond the lowest common denominator of data security, currently the PCI DSS standards. We believe it is imperative to move to a higher standard for processing secure transactions, one which we have the ability to implement without waiting for the payments infrastructure to change.”

So much politicking and legal posturing in the media/public over crap like this. People say one thing, but reality is totally different. The article even mentions how VISA removed Heartland this year and (someone at VISA) still claims no one compliant with PCI has been breached. Ugh…what an exactly wrong approach to take. That’s like admitting you have your head up your ass.