BreachExchange mailing list archives
Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation
From: "Clint P. Garrison" <garrison.clint () gmail com>
Date: Thu, 26 Feb 2009 10:49:44 -0600
I'm following this "potential" new breach closely because it has an impact on the integrity of the entire PCI program. Here's my take on Visa and MC staying quiet. The new Compliant Service Provider list that Visa maintains is due to be updated in about a week. Merchants are required to make sure their service providers are PCI complaint and most rely on this list. Currently Heartland and RBS Worldpay are listed as "* Current PCI DSS status is under review". If they know of another processor that is currently breached shouldn't they reflect that on the list so merchants can stay compliant with 12.8.4. If not, what is the point of publishing the first place if it's not an accurate reflection of a Service Providers status? http://usa.visa.com/merchants/risk_management/cisp_service_providers.html Clitn P. Garrison On Thu, Feb 26, 2009 at 8:58 AM, Pia Sachs-Donerkiel <sachs () nefcu com> wrote:
Just as an FYI- we don't have the choice about the no liability policy (per VISA and MC, etc.), but as a whole, we lose far less then we make on interchange, yes, even on the fraud charges. While some FI's abuse this, as a Credit Union, we work very hard to help keep our members on the up and up and we don't penalty price or anything. It all depends on the FI issuing the card and whether they are out to gouge or make an honest business. Too many are out there to gouge! That said, I hope it becomes required SOON that if a company like this unnamed processor is hacked, that they have to be forthcoming. WE are getting sick and tired of being the bad guy and saying Sorry Mr. Jones, your card has been compromised again (for the 3rd time this year) and we need to replace the card, because the fraudsters got everything they need to make a counterfeit card again. The level of abuse we get for this is unbelievable, even to those of us in the industry for more than 15 years! Pia SD Payment Services Supervisor - at one of those credit issuers -----Original Message----- From: dataloss-bounces () datalossdb org [mailto:dataloss-bounces () datalossdb org] On Behalf Of *Hobbit* Sent: Thursday, February 26, 2009 9:42 AM To: dataloss () datalossdb org Subject: Re: [Dataloss] Unnamed Acquirer Processor Breach Timeline, some additional confirmation What seems likely to happen along with all this and future disclosures, is lots of legalese flung about geared toward the credit outfits weaseling out of the $50 maximum customer liability. If it hasn't happened already, I don't really follow the credit side of things. But you can bet your own bottom dollar that the "safety guarantee" I so often hear associated with plastic will be a thing of the past as the fraud picture gets worse. Maybe this will start to finally wean people *off* the damn things. _H* _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss Confidentiality Notice: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential & privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact sender by reply email & destroy all copies of the original message. To protect your privacy, we have removed personal and account information (such as member number, etc.) from the email being returned to you, and we advise you not to include confidential information if you respond to this email. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
Current thread:
- Unnamed Acquirer Processor Breach Timeline, some additional confirmation David Shettler (Feb 26)
- <Possible follow-ups>
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation *Hobbit* (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Clint P. Garrison (Feb 26)
- I 'know' the name of the new payment processor breach security curmudgeon (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Chris Walsh (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation DAIL, WILLARD A (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline Tom Mahoney (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline Urban, Michael (Feb 27)
- Re: Unnamed Acquirer Processor Breach Timeline Tom Mahoney (Feb 27)
- Re: Unnamed Acquirer Processor Breach Timeline Urban, Michael (Feb 27)
- Re: Unnamed Acquirer Processor Breach Timeline DAIL, WILLARD A (Feb 27)