In 2009, Heartland Payment Systems (HPS) reported a security breach in one of its main databases. The online credit and debit card processor reported that significant portions of customer files were stolen over the course of one year. They contained all the Visa and MasterCard numbers for 175 thousand of the 250 thousand retailers the company was working with, potentially exposing tens of millions of individual credit and debit card numbers to criminals. Commenting on the incident, the President and Chief Financial Officer (Robert Baldwin) said, "We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands. We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice." (Haskins, 2009)
This is significant in showing how the company was completely blindsided by this attack. To prevent these kinds of incidents in the future, HPS needs to create a strategy that will identify and deal with potential threats early. This will be achieved by evaluating the corporation's web site, studying the firm's marketing strategy, analyzing its privacy / security policy and providing recommendations to address these issues. Together, these different elements will offer the greatest insights as to how the firm should address all security threats in the future. At that point, the company will be able to build confidence with its customers and avoid these kinds of embarrassing incidents.
Describe and evaluate Heartland Payment's web site in these four areas: (1) product information, (2) the corporation's contact information, (3) customization of products for customers and (4) customer information at purchase.
When you evaluate HPS' web site, it is clear that it is both similar to and different from others inside the industry. As far as product information is concerned, the web site describes an array of services, including credit card processing, payroll services, lending services, check management, gift marketing and micropayments. This provides businesses with detailed information about how these services can benefit merchants. The corporation's contact information is in the top right-hand corner, with the 800 numbers and email addresses for customer service. Moreover, at the bottom of the home page there are disclosures about other financial institutions the company owns and the symbol of the common stock. The products are customized for customers by identifying what their needs are and then addressing them. This allows HPS to provide clients with an array of services that will address the needs of businesses, ranging from credit card to payroll processing. At purchase, the company will need information about the merchant, such as their bank account, address and telephone number. Furthermore, merchants can log into the web site and monitor the specific products they are using. When these systems are evaluated, it is clear that in combination they provide customers with information about the company and its products, and collect vital information about the client. From a security perspective, this data automatically makes the company a target of hackers. As a result, executives should have been aware of potential breaches (given the products they deliver and the data they have access to). ("Heartland Payment Systems," 2012)
Describe and evaluate three (3) of Heartland Payment's Internet marketing strategies and the competitive advantages its website provides.
Three of the Internet marketing strategies that are being utilized by HPS are public relations, attracting customers with search engines and collecting email addresses. In the case of public relations, the company shows that it is a reputable firm that can address the customer's safety concerns. The web site plays an important role by highlighting that the company handles 44 thousand transactions per day and by pointing to the large contracts that were signed. This is designed to serve as a form of social proof.
Search engine marketing is when the company uses a series of keyword strategies to increase its ranking on search engine pages. The strategy is effective because the firm can use it to attract potential customers (who are interested in its products and services). The web site serves as a tool that educates possible customers about HPS and what it has to offer. This helps them gain a sense of confidence by giving them someplace to learn about the firm.
Collecting email addresses is when executives will receive specific information regarding parties that want to learn more about HPS. This provides the sales force with potential leads they can directly call or email about specific services that are provided. The web site plays a critical role in collecting all data about the customer. (Fox, 2009) ("Heartland Payment Systems," 2012)
Analyze and evaluate the corporation's privacy/security policy and the corporation's response to the security breach.
The biggest weakness for the company is that its response to an attack is poor. The reason is that the firm does not have a set strategy for having customers contact it about these issues. Instead, it simply tells everyone that it is working with public officials who are handling the situation. This kind of response is hurting the image of the company and makes it appear to be hiding something. (Haskins, 2009)
Recommend and provide rationale for two (2) methods and/or tools to ensure greater security for customers.
To improve security for customers, HPS needs to focus on two areas: having a layered security system and evaluating the firm's security policies on a regular basis. Having a layered security system is important because it will make it difficult for hackers to breach sensitive areas. The reason is that there are firewalls (which are all interconnected). If one were to fail, the others will be able to serve as a second and third layer of protection. This will make it difficult for hackers to upload malware programs. (Haskins, 2009)
At least once a year, IT personnel need to evaluate the security procedures of the firm. The main reason is that the nature of the threat is continually changing. This means that the strategies which worked in the past may no longer be effective in dealing with the threat. When this happens, the odds increase that hackers will be able to upload a program that can steal information without anyone knowing until it is too late. In the case of HPS, this is exactly what happened: criminals were able to upload a malware application and quietly steal the majority of firms' files.
Evidence of this can be seen with comments from Avivah Litan (an IT analyst with the Gartner Group) who said, "I don't have the specifics, but I imagine the criminals used under-the-radar malware that was not detected by the controls Heartland had in place. Also, I am left to wonder how the crooks got the data out of their system -- a firewall policy should preclude such data transfers to unrecognized servers. There should be a minimum of an annual evaluation for most organizations. The depth of the evaluation and effort placed into…