<HTML dir=ltr><HEAD></HEAD>
<BODY>
<DIV id=idOWAReplyText3213 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>The way I read the notification, it didn't sound like the processor was affiliated with 1st Bank:</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>"We would also like to reassure you that the compromise of information occurred at a merchant card processor's location, not FirstBank and therefore your account information at FirstBank has not been obtained by these unauthorized indivuduals(SIC)." </FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Perhaps they are just notifying customers affected by another company's gaff? Must be a bad day if they didn't even spell-check the notification before it went out..</FONT></DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>-Dennis</FONT></DIV></DIV>
<DIV id=idSignature22723>
<DIV><FONT face=Arial size=2></FONT> </DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> B.K. DeLong<BR><B>Sent:</B> Thu 10/19/2006 1:21 PM<BR><B>To:</B> Chris Walsh<BR><B>Cc:</B> dataloss@attrition.org<BR><B>Subject:</B> Re: [Dataloss] VISA / 1ST BANK<BR></FONT><BR></DIV>
<DIV>Is it that hard to find out who did the card processing for 1st Bank?<BR><BR>
<DIV><SPAN class=gmail_quote>On 10/19/06, <B class=gmail_sendername>Chris Walsh</B> <<A href="mailto:cwalsh@cwalsh.org" target=_blank>cwalsh@cwalsh.org</A> > wrote:</SPAN>
<BLOCKQUOTE class=gmail_quote style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">On Thu, Oct 19, 2006 at 10:41:37AM -0400, B.K. DeLong wrote:<BR>> Well, whomever it was will probably get wacked with a HUGE fine for <BR>> violating PCI Security standards. I'm guessing it won't take long to<BR>> determine who falls under approved card processors for Visa.<BR><BR><BR>They might get fined, but not buy Visa. Too much butter on that bread <BR>to throw it in the bin.<BR><BR>The FTC, OTOH, may do some enforcement:<BR><A href="http://www.emergentchaos.com/archives/2006/06/prediction.html" target=_blank>http://www.emergentchaos.com/archives/2006/06/prediction.html</A><BR><BR>Visa has been zealously guarding the "privacy" of these processors since<BR>at least December of 2005, when the Sam's Club stuff started to hit the<BR>fan. Even Gartner called MC and Visa out on it:<BR><A href="http://www.emergentchaos.com/archives/2005/12/gartner_to_visa.html" target=_blank>http://www.emergentchaos.com/archives/2005/12/gartner_to_visa.html</A><BR><BR>Chris<BR><BR></BLOCKQUOTE></DIV><BR><BR clear=all><BR>-- <BR>B.K. DeLong (K3GRN)<BR><A href="mailto:bkdelong@pobox.com" target=_blank>bkdelong@pobox.com</A> <BR>+1.617.797.8471<BR><BR><A href="http://www.wkdelong.org/" target=_blank>http://www.wkdelong.org/</A> Son.<BR><A href="http://www.ianetsec.com/" target=_blank>http://www.ianetsec.com/</A> Work.<BR><A href="http://www.bostonredcross.org/" target=_blank>http://www.bostonredcross.org/</A> Volunteer.<BR><A href="http://www.carolingia.eastkingdom.org/" target=_blank>http://www.carolingia.eastkingdom.org/</A> Service.<BR><A href="http://bkdelong.livejournal.com/" target=_blank>http://bkdelong.livejournal.com/</A> Play.<BR><BR><BR>PGP Fingerprint:<BR>38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE<BR><BR>FOAF:<BR><A href="http://foaf.brain-stream.org/" target=_blank>http://foaf.brain-stream.org/</A> </DIV></BODY></HTML>