Return-Path: <sentto-279987-1771-1000309364-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Wed, 12 Sep 2001 08:44:12 -0700 (PDT) Received: (qmail 19918 invoked by uid 510); 12 Sep 2001 15:43:02 -0000 Received: from n10.groups.yahoo.com (216.115.96.60) by 204.181.12.215 with SMTP; 12 Sep 2001 15:43:02 -0000 X-eGroups-Return: sentto-279987-1771-1000309364-fc=all.net@returns.onelist.com Received: from [10.1.4.53] by ej.egroups.com with NNFMP; 12 Sep 2001 15:42:45 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_3_2_1); 12 Sep 2001 15:42:43 -0000 Received: (qmail 91792 invoked from network); 12 Sep 2001 15:41:04 -0000 Received: from unknown (10.1.10.142) by l7.egroups.com with QMQP; 12 Sep 2001 15:41:04 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 12 Sep 2001 15:41:04 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id HAA00778 for iwar@onelist.com; Wed, 12 Sep 2001 07:19:03 -0700 Message-Id: <200109121419.HAA00778@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 12 Sep 2001 07:19:03 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Hacker-Forces-Some-Banks-to-Cancel-Visa-Debit-Cards] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Hacker Forces Some Banks to Cancel Visa Debit Cards Dan Verton, ComputerWorld, 9/12/2001 <a href="http://www.antionline.com/showthread.php?threadid=110272">http://www.antionline.com/showthread.php?threadid=110272> SEVERAL BANKS in the Washington area have been forced to cancel and reissue thousands of Visa debit cards after a hacker allegedly intercepted a file containing purchase data from a local online merchant. First Virginia Banks Inc. in Falls Church, Va., last week began notifying 500 of its customers that their card numbers and expiration dates, phone numbers and addresses had been compromised. Likewise, Atlanta-based SunTrust Banks Inc., which has branch offices in northern Virginia, Washington and Maryland, began monitoring several customer accounts that may have been compromised. This comes two weeks after Washington-based Riggs Bank sent letters to 3,000 of its customers informing them that a local online merchant's customer database containing their Visa debit card numbers had been hacked and compromised. Officials at First Virginia, Riggs, Visa International Inc. and the FBI declined to name the retail operation where the data originated. All the payment data belonged to customers who had made purchases from an online merchant in the Washington area. However, Visa declined to say whether the data was taken directly from a system belonging to the merchant or from one of the many companies that process electronic payments between online retailers and Visa. Visa characterized the incident as "a potential compromise of cardholder data stored on a third party's computer." First Virginia has "no way of knowing which merchant it is that had their database hacked," said Rick Bowman, the bank's chief financial officer. "Visa does not disclose that information." A Riggs official, who spoke on condition of anonymity, said, "It would not be fair to identify the merchant" because the matter is still under investigation by the FBI and the incident could have been the result of security holes at one of several third-party companies that process Visa transactions. To date, there is no evidence of fraud stemming from the incident, the official said. News of the incident comes as Foster City, Calif.-based Visa is unveiling incentives for online retailers to adopt its Visa Authenticated Payment system. Announced Sept. 4, the payment system is designed to help those merchants conduct real-time verification of the identities of Internet shoppers. Mike Yakel, vice president of Visa USA's e-Visa division, said all online payment transactions go through "an acquirer," or third-party payment vendor, that submits the purchase from the merchant to the Visa system over the Internet. There are 50 to 100 companies nationwide that provide payment services. "Because the Internet is an open network, there is far more potential that the data could be accessed by somebody," said Yakel. Starting next year, a new Visa policy will require online merchants to offer encryption protection to cardholders during their online purchases. Any electronic merchant participating in the Verified by Visa program satisfies this requirement (see chart). Yakel said banks that issue cards and sponsor payment vendors to become part of the Verified by Visa initiative also assume liability and have a responsibility to prevent security breaches from occurring. (C) 2001 Computerworld. All Rights Reserved ------------------------ Yahoo! Groups Sponsor ---------------------~--> Secure all your Web servers now: Get your FREE Guide and learn to: DEPLOY THE LATEST ENCRYPTION, DELIVER TRANSPARENT PROTECTION, and More! http://us.click.yahoo.com/k0k.gC/nT7CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:41 PDT