BreachExchange mailing list archives

Re: Unnamed Acquirer Processor Breach Timeline

From: "Urban, Michael" <MikeUrban () fairisaac com>
Date: Fri, 27 Feb 2009 10:10:02 -0600

Agreed.  My point was related to a merchant managing the risk of the
recent card #/exp date compromise.  That data in itself should not
cause/increase risk (beyond what is already in the marketplace) on its
own.  That goes for card present and not present transactions.

-----Original Message-----
From: dataloss-bounces () datalossdb org
[mailto:dataloss-bounces () datalossdb org] On Behalf Of Tom Mahoney
Sent: Friday, February 27, 2009 10:23 AM
To: dataloss () datalossdb org
Subject: Re: [Dataloss] Unnamed Acquirer Processor Breach Timeline

Yes, every CNP merchant should do those things, but they are 
unreliable at best.  My files are full of reports from merchants who 
have completed transactions passing AVS and CVV2, shipping to the 
billto address with proof of delivery and still loosing chargebacks. 
We've even see it happen when the merchant is enrolled in Payer Auth. 
although that service does seem to be better in the last  year or so.

At 8:55 AM -0600 2/27/09,  Urban, Michael typed out:

One way for merchants to protect themselves from fraudulent CNP
transactions related to these (or any) cards is to perform address
verification and request CVV2.  Any CNP merchant who authorizes a new
(or even existing) customer's transaction with only the card number and
expiration date is taking a risk.

But I may be missing something...


-- 

Tom Mahoney, Founder & Director
Over 3800 Merchants united to protect themselves
http://www.merchant911.org
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data
encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks
transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss
This email and any files transmitted with it are confidential, proprietary
and intended solely for the individual or entity to whom they are addressed.
If you have received this email in error please delete it immediately.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss

Current thread:

Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation, (continued)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation *Hobbit* (Feb 26)
  - Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
    - Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Clint P. Garrison (Feb 26)
    - I 'know' the name of the new payment processor breach security curmudgeon (Feb 26)
  - Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Chris Walsh (Feb 26)
    - Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
  - Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation DAIL, WILLARD A (Feb 26)
    - Re: Unnamed Acquirer Processor Breach Timeline Tom Mahoney (Feb 26)
    - Re: Unnamed Acquirer Processor Breach Timeline Urban, Michael (Feb 27)
    - Re: Unnamed Acquirer Processor Breach Timeline Tom Mahoney (Feb 27)
    - Re: Unnamed Acquirer Processor Breach Timeline Urban, Michael (Feb 27)
    - Re: Unnamed Acquirer Processor Breach Timeline DAIL, WILLARD A (Feb 27)