[NSRCA-discussion] FMA Database Compromised

Archie Stafford astafford at swtexas.net
Wed Nov 19 17:39:35 AKST 2008 

Chris,

 

A lot of companies now are requiring the full billing address now for
verification, not just the zip code as it used to be.  

 

Arch

 

 

  _____  

From: nsrca-discussion-bounces at lists.nsrca.org
[mailto:nsrca-discussion-bounces at lists.nsrca.org] On Behalf Of Chris Moon
Sent: Thursday, November 20, 2008 7:03 AM
To: General pattern discussion
Subject: Re: [NSRCA-discussion] FMA Database Compromised

 

Guys:
I kind of doubt it was simply a breach of their external credit card
processor, and here's why.  On Monday, I received a small print order (less
than $6) from an online printing company.  The small box had my name and
address correctly on it and it was from a company that had 3 of the
fraudulent charges on my credit card.  I did not order this stuff of course,
but the thieves clearly had not only my valid credit card number and
expiration date as a processing company might have, but had my correct name
and address to go with it.  One of the online forums had a posting from a
guy who said they had enough info on him to get this bank to release the
pin# for his card to THEM and subsequently took out $400 in cash advances.
So unless the credit card processors need the name and address data too in
order to process the charges (I know for a fact they did not need this data
years ago), I think it was the FMA internal server that was hacked, or an
inside job from an employee or ex-employee - which I think is most likely.  

Chris

Pete Cosky wrote: 

That's the truth. A lock only keeps an honest man honest.

 

>From what I gathered it wasn't FMA that was compromised, it was their
payment processor, which begs the question how many other businesses are
impacted by this breach.

----- Original Message ----- 

From: Archie Stafford <mailto:astafford at swtexas.net>  

To: 'General pattern <mailto:nsrca-discussion at lists.nsrca.org>  discussion' 

Sent: Wednesday, November 19, 2008 7:29 PM

Subject: Re: [NSRCA-discussion] FMA Database Compromised

 

Matt,

 

The security symbol would not have helped here.  I'm sure FMA has a fairly
secure site.  Their database was what was compromised.  Technology improves
daily for this type of fraud.but so do the people doing it.  

 

Arch

 

 


  _____  


From: nsrca-discussion-bounces at lists.nsrca.org
[mailto:nsrca-discussion-bounces at lists.nsrca.org] On Behalf Of MATT LIPRIE
Sent: Thursday, November 20, 2008 4:53 AM
To: mups1953 at yahoo.com; General pattern discussion
Subject: Re: [NSRCA-discussion] FMA Database Compromised

 

That is why I am so leary of using a credit card somewhere like that.   Plus
I do always check if the website has a little security symbol on the bottom
of the page.

 

Matthew L.

----- Original Message ----- 

From: mike mueller <mailto:mups1953 at yahoo.com>  

To: General pattern <mailto:nsrca-discussion at lists.nsrca.org>  discussion 

Sent: Wednesday, November 19, 2008 7:52 AM

Subject: Re: [NSRCA-discussion] FMA Database Compromised

 


 Bingo, that explains it. Good catch!

--- On Tue, 11/18/08, MKMSG <mkmsg at cox.net> wrote:

From: MKMSG <mkmsg at cox.net>
Subject: [NSRCA-discussion] FMA Database Compromised
To: "NSRCA Discussion List" <nsrca-discussion at lists.nsrca.org>
Date: Tuesday, November 18, 2008, 11:14 PM

If any of you have recently bought products on line from FMA Direct using a
credit card, check your credit card account.  FMA's database has been
compromised/hacked and whoever has the information is making charges against
the credit cards.  I read this in the electric forum on Ezonemag.com.
Sure enough, when I brought up my VISA account, there was a NAPSTER charge
there so I cancelled the card.  You might want to check yours if you've done
business on line with FMA recently.

 

Mike

 

_______________________________________________
NSRCA-discussion mailing list
NSRCA-discussion at lists.nsrca.org
http://lists.nsrca.org/mailman/listinfo/nsrca-discussion

 


  _____  


_______________________________________________
NSRCA-discussion mailing list
NSRCA-discussion at lists.nsrca.org
http://lists.nsrca.org/mailman/listinfo/nsrca-discussion 


  _____  



No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.175 / Virus Database: 270.9.7/1799 - Release Date: 11/19/2008
8:58 AM


  _____  


_______________________________________________
NSRCA-discussion mailing list
NSRCA-discussion at lists.nsrca.org
http://lists.nsrca.org/mailman/listinfo/nsrca-discussion

 





  _____  



 
_______________________________________________
NSRCA-discussion mailing list
NSRCA-discussion at lists.nsrca.org
http://lists.nsrca.org/mailman/listinfo/nsrca-discussion
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nsrca.org/pipermail/nsrca-discussion/attachments/20081120/f2e81e7a/attachment.html>

More information about the NSRCA-discussion mailing list