BreachExchange mailing list archives
Re: Unnamed Acquirer Processor Breach Timeline
From: "Urban, Michael" <MikeUrban () fairisaac com>
Date: Fri, 27 Feb 2009 10:10:02 -0600
Agreed. My point was related to a merchant managing the risk of the recent card #/exp date compromise. That data in itself should not cause/increase risk (beyond what is already in the marketplace) on its own. That goes for card present and not present transactions. -----Original Message----- From: dataloss-bounces () datalossdb org [mailto:dataloss-bounces () datalossdb org] On Behalf Of Tom Mahoney Sent: Friday, February 27, 2009 10:23 AM To: dataloss () datalossdb org Subject: Re: [Dataloss] Unnamed Acquirer Processor Breach Timeline Yes, every CNP merchant should do those things, but they are unreliable at best. My files are full of reports from merchants who have completed transactions passing AVS and CVV2, shipping to the billto address with proof of delivery and still loosing chargebacks. We've even see it happen when the merchant is enrolled in Payer Auth. although that service does seem to be better in the last year or so. At 8:55 AM -0600 2/27/09, Urban, Michael typed out:
One way for merchants to protect themselves from fraudulent CNP transactions related to these (or any) cards is to perform address verification and request CVV2. Any CNP merchant who authorizes a new (or even existing) customer's transaction with only the card number and expiration date is taking a risk. But I may be missing something...
-- Tom Mahoney, Founder & Director Over 3800 Merchants united to protect themselves http://www.merchant911.org _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss This email and any files transmitted with it are confidential, proprietary and intended solely for the individual or entity to whom they are addressed. If you have received this email in error please delete it immediately. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
Current thread:
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation, (continued)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation *Hobbit* (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Clint P. Garrison (Feb 26)
- I 'know' the name of the new payment processor breach security curmudgeon (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Chris Walsh (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation DAIL, WILLARD A (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline Tom Mahoney (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline Urban, Michael (Feb 27)
- Re: Unnamed Acquirer Processor Breach Timeline Tom Mahoney (Feb 27)
- Re: Unnamed Acquirer Processor Breach Timeline Urban, Michael (Feb 27)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation *Hobbit* (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline DAIL, WILLARD A (Feb 27)