nanog mailing list archives
Re: bloomberg on supermicro: sky is falling
From: Alain Hebert <ahebert () pubnix net>
Date: Wed, 10 Oct 2018 11:27:52 -0400
Well,Once you get the Expiry Date (which is the most prevalent data that is not encoded with the CHD)
CVV is only 3 digits, we saw ppl using parallelizing tactics to find the correct sequence using acquirers around the world.
With the delays in the reporting pipeline, they have the time to completely abuse that CHD/Date/CVV before getting caught.
For chipless markets ( You know who you are )I'm way more worried about Pinpads carrying Track1+Track2 unencrypted thru Serial, USB, Bluetooth, Wireless custom connection...
( I snooped Serial, USB, Bluetooth for a Pinpad PA-DSS project ) And with the PA-DSS spec being dropped by 2020 it will become worst. ----- Alain Hebert ahebert () pubnix net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443 On 10/10/18 10:32, Brian Kantor wrote:
On Wed, Oct 10, 2018 at 02:21:40PM +0000, Naslund, Steve wrote:For example, with tokenization there is no reason at all for any retailer to be storing your credit card data (card number, CVV, exp date) at all (let alone unencrypted) but it keeps happening over and over.It's been a while since I've had to professionally worry about this, but as I recall, compliance with PCI [Payment Card Industry] Data Security Standards prohibit EVER storing the CVV. Companies which do may find themselves banned from being able to process card payments if they're found out (which is unlikely). - Brian
Current thread:
- Re: bloomberg on supermicro: sky is falling, (continued)
- Re: bloomberg on supermicro: sky is falling Daniel Taylor (Oct 08)
- Re: bloomberg on supermicro: sky is falling valdis . kletnieks (Oct 08)
- Re: bloomberg on supermicro: sky is falling Daniel Taylor (Oct 08)
- Re: bloomberg on supermicro: sky is falling Alfie Pates (Oct 09)
- Re: bloomberg on supermicro: sky is falling Saku Ytti (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- Re: bloomberg on supermicro: sky is falling Brian Kantor (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- Re: bloomberg on supermicro: sky is falling David Hubbard (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- Re: bloomberg on supermicro: sky is falling Alain Hebert (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- RE: bloomberg on supermicro: sky is falling bzs (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- RE: bloomberg on supermicro: sky is falling bzs (Oct 10)
- Re: bloomberg on supermicro: sky is falling Bjørn Mork (Oct 12)
- CVV (was: Re: bloomberg on supermicro: sky is falling) Robert Kisteleki (Oct 11)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) Scott Christopher (Oct 11)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) bzs (Oct 11)
- Re: CVV (was: Re: bloomberg on supermicro: sky is falling) Chris Adams (Oct 11)
- CVV (was: Re: bloomberg on supermicro: sky is falling) bzs (Oct 11)