
<html xmlns:m="http://schemas.microsoft.com/office/2004/12/omml">


<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<meta name=Generator content="Microsoft Word 10 (filtered)">


<style>

<!--a:link

        {mso-style-priority:99;}

span.MSOHYPERLINK

        {mso-style-priority:99;}

a:visited

        {mso-style-priority:99;}

span.MSOHYPERLINKFOLLOWED

        {mso-style-priority:99;}

p

        {mso-style-priority:99;}


 /* Font Definitions */

 @font-face

        {font-family:Tahoma;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

@font-face

        {font-family:"Brush Script MT";

        panose-1:3 6 8 2 4 4 6 7 3 4;}

@font-face

        {font-family:Verdana;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:SymbolMT;}

 /* Style Definitions */

 p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman";}

a:link, span.MsoHyperlink

        {color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {color:purple;

        text-decoration:underline;}

p

        {margin-right:0in;

        margin-left:0in;

        font-size:12.0pt;

        font-family:"Times New Roman";}

p.normalweb1, li.normalweb1, div.normalweb1

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman";}

span.emailstyle19

        {font-family:Arial;

        color:navy;}

span.EmailStyle20

        {font-family:Calibri;

        color:#1F497D;}

span.EmailStyle21

        {font-family:Arial;

        color:navy;}

@page Section1

        {size:8.5in 11.0in;

        margin:.2in .25in 33.1pt .25in;}

div.Section1

        {page:Section1;}

-->

</style>


</head>


<body bgcolor=white lang=EN-US link=blue vlink=purple>


<div class=Section1>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>Agree. I suspect that they, and many

others, are using home-brewed or out-dated software that doesn&#8217;t meet the

standards.</span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>


<div>


<p><b><i><font size=4 color=navy face="Brush Script MT"><span style='font-size:

 13.5pt;font-family:"Brush Script MT";color:navy;font-weight:bold;font-style:

 italic'>Jay </span></font></i></b><b><i><font size=4 color=navy

  face="Brush Script MT"><span style='font-size:13.5pt;font-family:"Brush Script MT";

  color:navy;font-weight:bold;font-style:italic'>Marshall</span></font></i></b><font

color=navy><span style='color:navy'> </span></font></p>


</div>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>

<b><span style='font-weight:bold'>From:</span></b> </span></font><font size=2

 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>nsrca-discussion-bounces@lists.nsrca.org</span></font><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> [mailto:</span></font><font

 size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>nsrca-discussion-bounces@lists.nsrca.org</span></font><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>] <b><span

style='font-weight:bold'>On Behalf Of </span></b>Gene Maurice<br>

<b><span style='font-weight:bold'>Sent:</span></b> Wednesday, November 19, 2008

10:56 AM<br>

<b><span style='font-weight:bold'>To:</span></b> 'General pattern discussion'<br>

<b><span style='font-weight:bold'>Subject:</span></b> Re: [NSRCA-discussion]

FMA Database Compromised</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'>&nbsp;</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"

face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Credit

card information is suppose to be encrypted and secured. There is an

organization PCI (Payment Card Industry) who has issued a Data Security

Standard that &#8220;mandates&#8221; certain security measures be implemented

if you deal with CC payments. &nbsp;</span></font></p>


<p class=MsoNormal style='margin-left:.5in;text-autospace:none'><font size=2

color="#1f497d" face=Calibri><span style='font-size:11.0pt;font-family:Calibri;

color:#1F497D'>Quote: </span></font><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>PCI DSS requirements are applicable

if a Primary Account Number (PAN) is stored, processed, or</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>transmitted.</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>&nbsp;</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>The standards further states, quote:</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>&nbsp;Do not store sensitive

authentication data subsequent to authorization (even if encrypted).</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>&nbsp;</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>And, quote: </span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>Render PAN, at minimum, unreadable

anywhere it is stored (including data on portable digital</span></font></p>


<p class=MsoNormal style='margin-left:.5in;text-autospace:none'><font size=2

face=Arial><span style='font-size:10.0pt;font-family:Arial'>media, backup

media, in logs, and data received from or stored by wireless networks) by using</span></font></p>


<p class=MsoNormal style='margin-left:.5in;text-autospace:none'><font size=2

face=Arial><span style='font-size:10.0pt;font-family:Arial'>any of the

following approaches:</span></font></p>


<p class=MsoNormal style='margin-left:.5in;text-autospace:none'><font size=2

face=SymbolMT><span style='font-size:10.0pt;font-family:SymbolMT'>&#8226; </span></font><font

size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Strong

one-way hash functions (hashed indexes)</span></font></p>


<p class=MsoNormal style='margin-left:.5in;text-autospace:none'><font size=2

face=SymbolMT><span style='font-size:10.0pt;font-family:SymbolMT'>&#8226; </span></font><font

size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Truncation</span></font></p>


<p class=MsoNormal style='margin-left:.5in;text-autospace:none'><font size=2

face=SymbolMT><span style='font-size:10.0pt;font-family:SymbolMT'>&#8226; </span></font><font

size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Index tokens

and pads (pads must be securely stored)</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=SymbolMT><span

style='font-size:10.0pt;font-family:SymbolMT'>&#8226; </span></font><font

size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Strong

cryptography with associated key management processes and procedures.</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>&nbsp;</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span

style='font-size:10.0pt;font-family:Arial'>Sounds like FMA ain&#8217;t

following the standard&#8230;&#8230;&#8230;&#8230;..</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"

face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>&nbsp;</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"

face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Gene

Maurice</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"

face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Plano,

TX</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"

face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>AMA

3408 NSRCA 877</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"

face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>PACSS.sgmservice.com</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"

face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>gene.maurice@sgmservice.com</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"

face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>&nbsp;</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"

face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>&nbsp;</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"

face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>&nbsp;</span></font></p>


<div>


<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>


<p class=MsoNormal style='margin-left:.5in'><b><font size=2 face=Tahoma><span

style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font

size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>

nsrca-discussion-bounces@lists.nsrca.org

[mailto:nsrca-discussion-bounces@lists.nsrca.org] <b><span style='font-weight:

bold'>On Behalf Of </span></b>Jay Marshall<br>

<b><span style='font-weight:bold'>Sent:</span></b> Wednesday, November 19, 2008

7:42 AM<br>

<b><span style='font-weight:bold'>To:</span></b> 'General pattern discussion'<br>

<b><span style='font-weight:bold'>Subject:</span></b> Re: [NSRCA-discussion]

FMA Database Compromised</span></font></p>


</div>


</div>


<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'>&nbsp;</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>This is the reason I use

&#8220;one time&#8221; credit card numbers from Shop Safe where you specify the

max amount and a valid period. I have never understood why credit card numbers

must remain on a database after they have cleared. They ought to be encoded

also!</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span

style='font-size:10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>


<div>


<p style='margin-left:.5in'><b><i><font size=4 color=navy face="Brush Script MT"><span

style='font-size:13.5pt;font-family:"Brush Script MT";color:navy;font-weight:

bold;font-style:italic'>Jay Marshall</span></font></i></b><font color=navy><span

style='color:navy'> </span></font></p>


</div>


<p class=MsoNormal style='margin-left:1.0in'><font size=7 face=Tahoma><span

style='font-size:100.0pt;font-family:Tahoma'>-----Original Message-----<br>

<b><span style='font-weight:bold'>From:</span></b>

nsrca-discussion-bounces@lists.nsrca.org

[mailto:nsrca-discussion-bounces@lists.nsrca.org] <b><span style='font-weight:

bold'>On Behalf Of </span></b>MKMSG<br>

<b><span style='font-weight:bold'>Sent:</span></b> Wednesday, November 19, 2008

12:15 AM<br>

<b><span style='font-weight:bold'>To:</span></b> NSRCA Discussion List<br>

<b><span style='font-weight:bold'>Subject:</span></b> [NSRCA-discussion] FMA

Database Compromised</span></font></p>


<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span

style='font-size:12.0pt'>&nbsp;</span></font></p>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=7 face=Arial><span

style='font-size:100.0pt;font-family:Arial'>If any of you have recently bought

products on line from FMA Direct using a credit card, check your credit card

account.&nbsp; FMA's database has been compromised/hacked and whoever has the

information is making charges against the credit cards.&nbsp; I read this in

the electric forum on Ezonemag.com.&nbsp;&nbsp;&nbsp; Sure enough, when I

brought up my VISA account, there was a NAPSTER charge there so I cancelled the

card.&nbsp; You might want to check yours if you've done business on line with

FMA recently.</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=7 face=Verdana><span

style='font-size:100.0pt;font-family:Verdana'>&nbsp;</span></font></p>


</div>


<div>


<p class=MsoNormal style='margin-left:1.0in'><font size=7 face=Arial><span

style='font-size:100.0pt;font-family:Arial'>Mike</span></font></p>


</div>


<blockquote style='border:none;border-left:solid black 1.5pt;padding:0in 0in 0in 3.0pt;

margin-left:3.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>


<p class=MsoNormal style='margin-left:1.0in'><font size=7 face=Verdana><span

style='font-size:100.0pt;font-family:Verdana'>&nbsp;</span></font></p>


</blockquote>


</div>


</body>


</html>