[Dataloss] VISA / 1ST BANK

Dennis Opacki DOpacki at Covestic.com
Thu Oct 19 16:43:12 EDT 2006


The way I read the notification, it didn't sound like the processor was affiliated with 1st Bank:

"We would also like to reassure you that the compromise of information occurred at a merchant card processor's location, not FirstBank and therefore your account information at FirstBank has not been obtained by these unauthorized indivuduals(SIC)." 

Perhaps they are just notifying customers affected by another company's gaff? Must be a bad day if they didn't even spell-check the notification before it went out..

-Dennis




From: B.K. DeLong
Sent: Thu 10/19/2006 1:21 PM
To: Chris Walsh
Cc: dataloss at attrition.org
Subject: Re: [Dataloss] VISA / 1ST BANK


Is it that hard to find out who did the card processing for 1st Bank?


On 10/19/06, Chris Walsh <cwalsh at cwalsh.org > wrote: 
On Thu, Oct 19, 2006 at 10:41:37AM -0400, B.K. DeLong wrote:
> Well, whomever it was will probably get wacked with a HUGE fine for 
> violating PCI Security standards. I'm guessing it won't take long to
> determine who falls under approved card processors for Visa.


They might get fined, but not buy Visa.  Too much butter on that bread 
to throw it in the bin.

The FTC, OTOH, may do some enforcement:
http://www.emergentchaos.com/archives/2006/06/prediction.html

Visa has been zealously guarding the "privacy" of these processors since
at least December of 2005, when the Sam's Club stuff started to hit the
fan.  Even Gartner called MC and Visa out on it:
http://www.emergentchaos.com/archives/2005/12/gartner_to_visa.html

Chris





-- 
B.K. DeLong (K3GRN)
bkdelong at pobox.com 
+1.617.797.8471

http://www.wkdelong.org/                    Son.
http://www.ianetsec.com/                    Work.
http://www.bostonredcross.org/             Volunteer.
http://www.carolingia.eastkingdom.org/   Service.
http://bkdelong.livejournal.com/             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org/ 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/dataloss/attachments/20061019/158f2a51/attachment.html 


More information about the Dataloss mailing list