![dataloss logo](/images/dataloss-logo.png)
BreachExchange mailing list archives
Re: VISA / 1ST BANK
From: "DAIL, ANDY" <ADAIL () sunocoinc com>
Date: Thu, 19 Oct 2006 17:05:23 -0400
Depending on the industry and depending on the circumstances of the breach, it could be impossible for the merchant to notify the people affected. A lot of retail systems store credit card numbers for chargeback research, but the name of the card holder is not kept. When one of these businesses is breached they know xxxxx number of card numbers were possibly compromised, but not who the cards belong to (Magnetic stripe data being an exception). In that event the company has no choice but to notify their settlement provider, who will in turn notify the issuer, who can cross reference card numbers with card holders. Andy Dail Sunoco PCI Project Manager (918) 586-6160 -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Dennis Opacki Sent: Thursday, October 19, 2006 3:43 PM To: dataloss () attrition org Subject: Re: [Dataloss] VISA / 1ST BANK The way I read the notification, it didn't sound like the processor was affiliated with 1st Bank: "We would also like to reassure you that the compromise of information occurred at a merchant card processor's location, not FirstBank and therefore your account information at FirstBank has not been obtained by these unauthorized indivuduals(SIC)." Perhaps they are just notifying customers affected by another company's gaff? Must be a bad day if they didn't even spell-check the notification before it went out.. -Dennis ________________________________ From: B.K. DeLong Sent: Thu 10/19/2006 1:21 PM To: Chris Walsh Cc: dataloss () attrition org Subject: Re: [Dataloss] VISA / 1ST BANK Is it that hard to find out who did the card processing for 1st Bank? On 10/19/06, Chris Walsh <cwalsh () cwalsh org > wrote: On Thu, Oct 19, 2006 at 10:41:37AM -0400, B.K. DeLong wrote: > Well, whomever it was will probably get wacked with a HUGE fine for > violating PCI Security standards. I'm guessing it won't take long to > determine who falls under approved card processors for Visa. They might get fined, but not buy Visa. Too much butter on that bread to throw it in the bin. The FTC, OTOH, may do some enforcement: http://www.emergentchaos.com/archives/2006/06/prediction.html Visa has been zealously guarding the "privacy" of these processors since at least December of 2005, when the Sam's Club stuff started to hit the fan. Even Gartner called MC and Visa out on it: http://www.emergentchaos.com/archives/2005/12/gartner_to_visa.html Chris -- B.K. DeLong (K3GRN) bkdelong () pobox com +1.617.797.8471 http://www.wkdelong.org/ Son. http://www.ianetsec.com/ Work. http://www.bostonredcross.org/ Volunteer. http://www.carolingia.eastkingdom.org/ Service. http://bkdelong.livejournal.com/ Play. PGP Fingerprint: 38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE FOAF: http://foaf.brain-stream.org/ This message and any files transmitted with it is intended solely for the designated recipient and may contain privileged, proprietary or otherwise private information. Unauthorized use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. If you have received it in error, please notify the sender immediately and delete the original and any attachments.
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 137 million compromised records in 430 incidents over 6 years.
Current thread:
- Re: Personal experiences? Was Re: VISA / 1ST BANK, (continued)
- Re: Personal experiences? Was Re: VISA / 1ST BANK Al Mac (Oct 20)
- Re: Personal experiences? Was Re: VISA / 1ST BANK Henry Brown (Oct 23)
- Re: Personal experiences? Was Re: VISA / 1ST BANK ziplock (Oct 21)
- Re: Personal experiences? Was Re: VISA / 1ST BANK Chris Walsh (Oct 21)
- Re: Personal experiences? Was Re: VISA / 1ST BANK ziplock (Oct 22)
- Re: Personal experiences? Was Re: VISA / 1ST BANK Doctor Spook (Oct 22)
- Re: Personal experiences? Was Re: VISA / 1ST BANK dano (Oct 21)
- Re: Personal experiences? Was Re: VISA / 1ST BANK Ivan Junge (Oct 23)
- Re: Personal experiences? Was Re: VISA / 1ST BANK Nick Lewis (Oct 23)
- Re: VISA / 1ST BANK Marjorie Simmons (Oct 20)