<html xmlns:m="http://schemas.microsoft.com/office/2004/12/omml">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<meta name=Generator content="Microsoft Word 10 (filtered)">

<style>
<!--a:link
        {mso-style-priority:99;}
span.MSOHYPERLINK
        {mso-style-priority:99;}
a:visited
        {mso-style-priority:99;}
span.MSOHYPERLINKFOLLOWED
        {mso-style-priority:99;}
p
        {mso-style-priority:99;}

 /* Font Definitions */
 @font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"Brush Script MT";
        panose-1:3 6 8 2 4 4 6 7 3 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:SymbolMT;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p
        {margin-right:0in;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
p.normalweb1, li.normalweb1, div.normalweb1
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.emailstyle19
        {font-family:Arial;
        color:navy;}
span.EmailStyle20
        {font-family:Calibri;
        color:#1F497D;}
span.EmailStyle21
        {font-family:Arial;
        color:navy;}
@page Section1
        {size:8.5in 11.0in;
        margin:.2in .25in 33.1pt .25in;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body bgcolor=white lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Agree. I suspect that they, and many
others, are using home-brewed or out-dated software that doesn&#8217;t meet the
standards.</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>

<div>

<p><b><i><font size=4 color=navy face="Brush Script MT"><span style='font-size:
 13.5pt;font-family:"Brush Script MT";color:navy;font-weight:bold;font-style:
 italic'>Jay </span></font></i></b><b><i><font size=4 color=navy
  face="Brush Script MT"><span style='font-size:13.5pt;font-family:"Brush Script MT";
  color:navy;font-weight:bold;font-style:italic'>Marshall</span></font></i></b><font
color=navy><span style='color:navy'> </span></font></p>

</div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b> </span></font><font size=2
 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>nsrca-discussion-bounces@lists.nsrca.org</span></font><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> [mailto:</span></font><font
 size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>nsrca-discussion-bounces@lists.nsrca.org</span></font><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Gene Maurice<br>
<b><span style='font-weight:bold'>Sent:</span></b> Wednesday, November 19, 2008
10:56 AM<br>
<b><span style='font-weight:bold'>To:</span></b> 'General pattern discussion'<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [NSRCA-discussion]
FMA Database Compromised</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>&nbsp;</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"
face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Credit
card information is suppose to be encrypted and secured. There is an
organization PCI (Payment Card Industry) who has issued a Data Security
Standard that &#8220;mandates&#8221; certain security measures be implemented
if you deal with CC payments. &nbsp;</span></font></p>

<p class=MsoNormal style='margin-left:.5in;text-autospace:none'><font size=2
color="#1f497d" face=Calibri><span style='font-size:11.0pt;font-family:Calibri;
color:#1F497D'>Quote: </span></font><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>PCI DSS requirements are applicable
if a Primary Account Number (PAN) is stored, processed, or</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>transmitted.</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>The standards further states, quote:</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>&nbsp;Do not store sensitive
authentication data subsequent to authorization (even if encrypted).</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>And, quote: </span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Render PAN, at minimum, unreadable
anywhere it is stored (including data on portable digital</span></font></p>

<p class=MsoNormal style='margin-left:.5in;text-autospace:none'><font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial'>media, backup
media, in logs, and data received from or stored by wireless networks) by using</span></font></p>

<p class=MsoNormal style='margin-left:.5in;text-autospace:none'><font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial'>any of the
following approaches:</span></font></p>

<p class=MsoNormal style='margin-left:.5in;text-autospace:none'><font size=2
face=SymbolMT><span style='font-size:10.0pt;font-family:SymbolMT'>&#8226; </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Strong
one-way hash functions (hashed indexes)</span></font></p>

<p class=MsoNormal style='margin-left:.5in;text-autospace:none'><font size=2
face=SymbolMT><span style='font-size:10.0pt;font-family:SymbolMT'>&#8226; </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Truncation</span></font></p>

<p class=MsoNormal style='margin-left:.5in;text-autospace:none'><font size=2
face=SymbolMT><span style='font-size:10.0pt;font-family:SymbolMT'>&#8226; </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Index tokens
and pads (pads must be securely stored)</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=SymbolMT><span
style='font-size:10.0pt;font-family:SymbolMT'>&#8226; </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Strong
cryptography with associated key management processes and procedures.</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Sounds like FMA ain&#8217;t
following the standard&#8230;&#8230;&#8230;&#8230;..</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"
face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>&nbsp;</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"
face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Gene
Maurice</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"
face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Plano,
TX</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"
face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>AMA
3408 NSRCA 877</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"
face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>PACSS.sgmservice.com</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"
face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>gene.maurice@sgmservice.com</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"
face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>&nbsp;</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"
face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>&nbsp;</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color="#1f497d"
face=Calibri><span style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>&nbsp;</span></font></p>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>

<p class=MsoNormal style='margin-left:.5in'><b><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
nsrca-discussion-bounces@lists.nsrca.org
[mailto:nsrca-discussion-bounces@lists.nsrca.org] <b><span style='font-weight:
bold'>On Behalf Of </span></b>Jay Marshall<br>
<b><span style='font-weight:bold'>Sent:</span></b> Wednesday, November 19, 2008
7:42 AM<br>
<b><span style='font-weight:bold'>To:</span></b> 'General pattern discussion'<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [NSRCA-discussion]
FMA Database Compromised</span></font></p>

</div>

</div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>&nbsp;</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>This is the reason I use
&#8220;one time&#8221; credit card numbers from Shop Safe where you specify the
max amount and a valid period. I have never understood why credit card numbers
must remain on a database after they have cleared. They ought to be encoded
also!</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>

<div>

<p style='margin-left:.5in'><b><i><font size=4 color=navy face="Brush Script MT"><span
style='font-size:13.5pt;font-family:"Brush Script MT";color:navy;font-weight:
bold;font-style:italic'>Jay Marshall</span></font></i></b><font color=navy><span
style='color:navy'> </span></font></p>

</div>

<p class=MsoNormal style='margin-left:1.0in'><font size=7 face=Tahoma><span
style='font-size:100.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b>
nsrca-discussion-bounces@lists.nsrca.org
[mailto:nsrca-discussion-bounces@lists.nsrca.org] <b><span style='font-weight:
bold'>On Behalf Of </span></b>MKMSG<br>
<b><span style='font-weight:bold'>Sent:</span></b> Wednesday, November 19, 2008
12:15 AM<br>
<b><span style='font-weight:bold'>To:</span></b> NSRCA Discussion List<br>
<b><span style='font-weight:bold'>Subject:</span></b> [NSRCA-discussion] FMA
Database Compromised</span></font></p>

<p class=MsoNormal style='margin-left:1.0in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>&nbsp;</span></font></p>

<div>

<p class=MsoNormal style='margin-left:1.0in'><font size=7 face=Arial><span
style='font-size:100.0pt;font-family:Arial'>If any of you have recently bought
products on line from FMA Direct using a credit card, check your credit card
account.&nbsp; FMA's database has been compromised/hacked and whoever has the
information is making charges against the credit cards.&nbsp; I read this in
the electric forum on Ezonemag.com.&nbsp;&nbsp;&nbsp; Sure enough, when I
brought up my VISA account, there was a NAPSTER charge there so I cancelled the
card.&nbsp; You might want to check yours if you've done business on line with
FMA recently.</span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:1.0in'><font size=7 face=Verdana><span
style='font-size:100.0pt;font-family:Verdana'>&nbsp;</span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:1.0in'><font size=7 face=Arial><span
style='font-size:100.0pt;font-family:Arial'>Mike</span></font></p>

</div>

<blockquote style='border:none;border-left:solid black 1.5pt;padding:0in 0in 0in 3.0pt;
margin-left:3.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>

<p class=MsoNormal style='margin-left:1.0in'><font size=7 face=Verdana><span
style='font-size:100.0pt;font-family:Verdana'>&nbsp;</span></font></p>

</blockquote>

</div>

</body>

</html>