This paper examines Heartland Payment Systems (HPS) in the wake of its 2009 data breach, during which credit and debit card information for millions of customers was stolen over the course of a year. The analysis evaluates HPS's website across four dimensions—product information, contact information, product customization, and customer data collection at purchase—before assessing three Internet marketing strategies the company employs. The paper then critiques HPS's privacy and security policy and its inadequate public response to the breach. Finally, it recommends two security improvements: implementing a layered firewall system and conducting annual IT security evaluations to keep pace with evolving cyber threats.
In 2009, Heartland Payment Systems (HPS) reported a security breach in one of its main databases. The online credit and debit card processor disclosed that significant portions of customer files had been stolen over the course of one year. The stolen data contained all the Visa and MasterCard numbers for 175,000 of the 250,000 retailers the company was working with, potentially exposing tens of millions of individual credit and debit card numbers to criminals.
Commenting on the incident, President and Chief Financial Officer Robert Baldwin said, "We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands. We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice." (Haskins, 2009)
This incident is significant in showing how the company was completely blindsided by the attack. To prevent similar incidents in the future, HPS needs to create a strategy that will identify and address potential threats early. This analysis evaluates the corporation's website, examines the firm's marketing strategy, analyzes its privacy and security policy, and provides recommendations to address these issues. Together, these elements offer the greatest insights into how the firm should address all security threats going forward — building confidence with customers and avoiding similar embarrassing incidents in the future.
When evaluating HPS's website across four key areas — product information, contact information, product customization, and customer information at purchase — it becomes clear that the site is both similar to and different from others in the industry.
In terms of product information, the website provides an array of services including credit card processing, payroll services, lending services, check management, gift marketing, and micropayments. This gives businesses detailed information about how these services can benefit merchants. The corporation's contact information is located in the top right-hand corner of the site, providing 800 numbers and email addresses for customer service. Additionally, the bottom of the home page includes disclosures about other financial institutions the company owns and the ticker symbol for its common stock.
The way products can be customized for customers is by first identifying each client's specific needs and then addressing them directly. This allows HPS to offer clients a range of services — from credit card to payroll processing — tailored to businesses of various sizes and types. At the point of purchase, the company collects essential information about the merchant, such as bank account details, address, and telephone number. Merchants can also log into the website to monitor the specific products they are using.
When these systems are considered together, it is clear that the website serves three functions: it informs customers about the company and its products, and it collects vital information about clients. From a security perspective, this data automatically makes the company a target for hackers. As a result, executives should have been aware of potential breaches, given the nature of the products they deliver and the sensitive data they handle. ("Heartland Payment Systems," 2012)
Three Internet marketing strategies employed by HPS are public relations, search engine marketing, and email address collection.
In terms of public relations, the company uses its website to demonstrate that it is a reputable firm capable of addressing customer safety concerns. The site highlights the fact that HPS handles 44,000 transactions per day and has secured large contracts — details designed to serve as a form of social proof that reinforces the brand's credibility.
Search engine marketing involves using a series of keyword strategies to improve HPS's ranking on search engine results pages. The effectiveness of this approach is that it attracts potential customers who are actively searching for the types of products and services the company offers. The website then serves as an educational tool, giving prospective clients a place to learn about HPS and develop confidence in the firm before making contact. Understanding search engine marketing fundamentals is essential for any payment-services company seeking to grow its merchant base online.
"Critique of HPS privacy policy and breach response"
"Layered security and annual IT review proposed"
These recommendations need to be implemented as soon as possible. The firm is a major target for hackers, and the high-profile security breach could encourage copycat attacks. If these policies are implemented promptly, they will close existing security flaws and establish a protocol that addresses the firm's ongoing security needs. This is how executives can protect their data and ensure that the company's reputation remains intact in the aftermath of incidents like the 2009 breach. (Haskins, 2009)
You’re 52% through this paper. Sign up to read the remaining 2 sections.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.