After suffering a massive data breach last year, Heartland Payment Systems has questioned the effectiveness of current industry security standards and called for the adoption of end-to-end data encryption.
Heartland admitted last week that it had found malicious software in its processing system, potentially compromising the card data of millions of people.
The firm now says it is setting up a dedicated department - led by Steven Elefant - to develop end-to-end encryption, ensuring data is secure in motion on corporate networks.
The Payment Card Industry Data Security Standard (PCI DSS) requires firms to encrypt cardholder data only when it is transmitted across open, public networks.
Robert Carr, chairman and CEO, Heartland, says: "PCI is a good and effective standard, but the bad guys have become more sophisticated to the point where encryption of data in motion appears to be one of the next required steps."
Heartland claims Carr has been calling for payments industry adoption of end-to-end encryption for over a year and is in discussions with other firms about improving security.
He also slams a lack of communication within the industry and says: "I believe that had we known the details about previous intrusions, we might have found and prevented the problem we learned of last week."
In a blog for vendor Voltage Security, Luther Martin says: "Heartland appears to be an example of an organisation which assumed that simply passing its PCI audit meant that it was truly secure."
He adds: "This incident should serve as a wake-up call that PCI should be used as a starting point instead of an end point in the effort to protect sensitive data."