The famous bank robber Willie Sutton, when asked why he robbed those banks, replied, “Because that’s where the money is.” Makes sense.
In today’s dog’s dinner of an economy, that may not be as much the case. Instead, the swag for robbers is the databases that hold everyone’s credit card information. Today’s Willie Suttons use different burglary tools, though – their computers and their programming wiles.
Last month the electronic payment services firm RBS WorldPay was robbed by hackers who stole personal data on about 1.5 million consumers. That’s far less than the 45 million credit cards snatched from retailer TJ Maxx in 2007, but it’s still very disconcerting. Last week, Heartland Payment Systems announced it, too, had suffered a serious breach of its security in what may prove to be the largest data leak ever.
The consultancy firm Gartner believes it sees a pattern emerging, and that payment processors will become, if they are not already, the main target for hackers. Why? Because that’s where the data is.
While this may be a simplified explanation of how these thefts have occurred, it will serve the purposes of this discussion today. Using the brute strength of millions of computers world-wide, hijacked by malicious software delivered in spam email, a virus was able to insinuate itself into Heartland’s systems. While sitting there undetected on a server, it would be watching for transmissions that represented authorization requests for credit card transactions. This malicious software, or “malware,” would come to life and capture the data.
Data storage of this nature must be encrypted. Past data leaks have shared a common trait – there was inside help. No data was lost during transmission, as it was like trying to hit a target moving at near the speed of light using a bow and arrow.
The difference now is that it seems data can, in fact, be intercepted. Instead of that bow and arrow, though, the hackers are setting the nets directly on storage facility servers where they simply sit until incoming transmissions are received.
It’s a scary thought. While there are solutions, banks and other players in this process have been reluctant to act. Encryption tools could be added to the process that would thwart the packet sniffing by these pieces of “malware,” although doing so does present some challenges. All of the players in the process would have to work in concert on the management of the encryption tools, and that is the rub. However, it could be done, and should be done notwithstanding what we anticipate would be a very high cost.
KISS does not store any client credit card data electronically, and hasn’t for some time. We do have some hard-copy client information, locked away in a safe, for monthly processing of invoices, but nothing electronically. We just don’t feel comfortable with the idea, especially after these recent breaches.
The hackers will continue with their games and their crimes, and data storage centers will remain the target. That’s where the money is, and today’s Willie Suttons know that.
