[NSRCA-discussion] FMA Database Compromised

R. LIPRIE RLIPRIE at centurytel.net
Wed Nov 19 15:24:05 AKST 2008


People like this need an attitude adjustment.

Matt
  ----- Original Message ----- 
  From: Richard Strickland 
  To: General pattern discussion 
  Sent: Wednesday, November 19, 2008 10:40 AM
  Subject: Re: [NSRCA-discussion] FMA Database Compromised


  They SHOULD be able to hold on to them.  It's the crooks that are the problem.
  RS



------------------------------------------------------------------------------

  From: jlkonn at hotmail.com
  To: nsrca-discussion at lists.nsrca.org
  Date: Wed, 19 Nov 2008 10:26:09 -0600
  Subject: Re: [NSRCA-discussion] FMA Database Compromised

  Robert,
  I am often troubled by some of our suppliers.
  I've had them read my card and 3 digit security number back to me before I have given it to them.
  They've kept it from my last order!  Needless to say I always express my extreme dissatisfaction.
  I'm sure it's like water off a duck's back.  About the only thing we can do is "vote with our
  feet" and not do business with these types.
  JLK




------------------------------------------------------------------------------


  Date: Wed, 19 Nov 2008 09:20:52 -0700
  From: rob at koolsoft.com
  To: nsrca-discussion at lists.nsrca.org
  Subject: Re: [NSRCA-discussion] FMA Database Compromised




  It's pretty stupid.  There is no reason to store credit card numbers at all.  I write software for online stores and such and the number is processed, and never saved.  Only the transaction ID and the last 4 digits of the card for the customer's benefit for future reference.



  Every year I have to fill out one of those PCI surveys for each of my customers that take credit cards and answer N/A to most of the questions because they deal with storage of card numbers.  Why on earth would any company want to take on that kind of risk?



  - Robert Beaubien
  - NSRCA, District 7 Webmaster



  From: nsrca-discussion-bounces at lists.nsrca.org [mailto:nsrca-discussion-bounces at lists.nsrca.org] On Behalf Of Dave Burton
  Sent: Wednesday, November 19, 2008 9:16 AM
  To: 'General pattern discussion'
  Subject: Re: [NSRCA-discussion] FMA Database Compromised



  I’ll make you a bet that 95+% of small businesses don’t know about, much less follow, the standards.

  The bad guys hit my account too but the bank fraud control unit called to alert me and resolved it with a new account number.

  Dave Burton



  From: nsrca-discussion-bounces at lists.nsrca.org [mailto:nsrca-discussion-bounces at lists.nsrca.org] On Behalf Of Gene Maurice
  Sent: Wednesday, November 19, 2008 10:56 AM
  To: 'General pattern discussion'
  Subject: Re: [NSRCA-discussion] FMA Database Compromised



  Credit card information is supposed to be encrypted and secured. There is an organization PCI (Payment Card Industry) who has issued a Data Security Standard that “mandates” certain security measures be implemented if you deal with CC payments.

  Quote: PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted.

  The standard further states, quote:

  Do not store sensitive authentication data subsequent to authorization (even if encrypted).

  And, quote:

  Render PAN, at minimum, unreadable anywhere it is stored (including data on portable digital media, backup media, in logs, and data received from or stored by wireless networks) by using any of the following approaches:

  • Strong one-way hash functions (hashed indexes)
  • Truncation
  • Index tokens and pads (pads must be securely stored)
  • Strong cryptography with associated key management processes and procedures.



  Sounds like FMA ain’t following the standard…………..



  Gene Maurice

  Plano, TX

  AMA 3408 NSRCA 877

  PACSS.sgmservice.com

  gene.maurice at sgmservice.com







  From: nsrca-discussion-bounces at lists.nsrca.org [mailto:nsrca-discussion-bounces at lists.nsrca.org] On Behalf Of Jay Marshall
  Sent: Wednesday, November 19, 2008 7:42 AM
  To: 'General pattern discussion'
  Subject: Re: [NSRCA-discussion] FMA Database Compromised



  This is the reason I use “one time” credit card numbers from Shop Safe where you specify the max amount and a valid period. I have never understood why credit card numbers must remain on a database after they have cleared. They ought to be encoded also!





  Jay Marshall 

  -----Original Message-----
  From: nsrca-discussion-bounces at lists.nsrca.org [mailto:nsrca-discussion-bounces at lists.nsrca.org] On Behalf Of MKMSG
  Sent: Wednesday, November 19, 2008 12:15 AM
  To: NSRCA Discussion List
  Subject: [NSRCA-discussion] FMA Database Compromised



  If any of you have recently bought products on line from FMA Direct using a credit card, check your credit card account.  FMA's database has been compromised/hacked and whoever has the information is making charges against the credit cards.  I read this in the electric forum on Ezonemag.com.    Sure enough, when I brought up my VISA account, there was a NAPSTER charge there so I cancelled the card.  You might want to check yours if you've done business on line with FMA recently.



  Mike






------------------------------------------------------------------------------


  _______________________________________________
  NSRCA-discussion mailing list
  NSRCA-discussion at lists.nsrca.org
  http://lists.nsrca.org/mailman/listinfo/nsrca-discussion




More information about the NSRCA-discussion mailing list
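
Added example, not part of the original thread: a Python sketch of the storage practice discussed above (keep only the transaction ID and the last four digits, drop the security code after authorization) together with the "truncation" option from the quoted PCI DSS text applied to log lines. The function names, the record layout and the sample transaction ID are assumptions made for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
_PAN_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Truncation: keep only the last four digits of the card number."""
    return re.sub(r"\D", "", pan)[-4:]


def stored_record(pan: str, cvv: str, transaction_id: str) -> dict:
    """Build the row that is persisted once the charge has been authorized.

    The full PAN and the 3-digit security code are used for the charge only;
    neither appears in the record that is written to the database.
    """
    del cvv  # sensitive authentication data: not kept after authorization
    return {"transaction_id": transaction_id, "card_last4": truncate_pan(pan)}


def scrub_pans(text: str) -> str:
    """Mask Luhn-valid card numbers in free text such as log lines."""
    def mask(match: re.Match) -> str:
        digits = re.sub(r"\D", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)   # e.g. an order number: leave untouched
        return "*" * (len(digits) - 4) + digits[-4:]
    return _PAN_CANDIDATE.sub(mask, text)
```
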