BreachExchange mailing list archives

Re: VISA / 1ST BANK

From: Dennis Opacki <DOpacki () Covestic com>
Date: Thu, 19 Oct 2006 13:43:12 -0700

The way I read the notification, it didn't sound like the processor was affiliated with 1st Bank:

"We would also like to reassure you that the compromise of information occurred at a merchant card processor's location, not FirstBank and therefore your account information at FirstBank has not been obtained by these unauthorized indivuduals(SIC)."

Perhaps they are just notifying customers affected by another company's gaff? Must be a bad day if they didn't even 
spell-check the notification before it went out..

-Dennis




From: B.K. DeLong
Sent: Thu 10/19/2006 1:21 PM
To: Chris Walsh
Cc: dataloss () attrition org
Subject: Re: [Dataloss] VISA / 1ST BANK


Is it that hard to find out who did the card processing for 1st Bank?

On 10/19/06, Chris Walsh <cwalsh () cwalsh org > wrote:On Thu, Oct 19, 2006 at 10:41:37AM -0400, B.K. DeLong wrote:

Well, whomever it was will probably get wacked with a HUGE fine forviolating PCI Security standards. I'm guessing it won't take long to
determine who falls under approved card processors for Visa.

They might get fined, but not buy Visa. Too much butter on that breadto throw it in the bin.


The FTC, OTOH, may do some enforcement:
http://www.emergentchaos.com/archives/2006/06/prediction.html

Visa has been zealously guarding the "privacy" of these processors since
at least December of 2005, when the Sam's Club stuff started to hit the
fan.  Even Gartner called MC and Visa out on it:
http://www.emergentchaos.com/archives/2005/12/gartner_to_visa.html

Chris





--
B.K. DeLong (K3GRN)

bkdelong () pobox com+1.617.797.8471


http://www.wkdelong.org/                    Son.
http://www.ianetsec.com/                    Work.
http://www.bostonredcross.org/             Volunteer.
http://www.carolingia.eastkingdom.org/   Service.
http://bkdelong.livejournal.com/             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:

http://foaf.brain-stream.org/

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 137 million compromised records in 430 incidents over 6 years.

Current thread:

VISA / 1ST BANK security curmudgeon (Oct 19)
- Re: VISA / 1ST BANK Joshua Fritsch (Oct 19)
- Re: VISA / 1ST BANK ziplock (Oct 19)
  - Re: VISA / 1ST BANK B.K. DeLong (Oct 19)
    - Re: VISA / 1ST BANK Chris Walsh (Oct 19)
    - Re: VISA / 1ST BANK B.K. DeLong (Oct 19)
    - Re: VISA / 1ST BANK Dennis Opacki (Oct 19)
    - Re: VISA / 1ST BANK blitz (Oct 20)
    - Re: VISA / 1ST BANK George Toft (Oct 20)
    - Re: VISA / 1ST BANK lyger (Oct 20)
    - Re: VISA / 1ST BANK George Toft (Oct 20)
    - Personal experiences? Was Re: VISA / 1ST BANK lyger (Oct 20)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK Joshua Fritsch (Oct 20)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK Al Mac (Oct 20)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK Henry Brown (Oct 23)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK ziplock (Oct 21)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK Chris Walsh (Oct 21)

(Thread continues...)