[iwar] [fc:Hacker-Forces-Some-Banks-to-Cancel-Visa-Debit-Cards]

From: Fred Cohen (fc@all.net)
Date: 2001-09-12 07:19:03


Return-Path: <sentto-279987-1771-1000309364-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Wed, 12 Sep 2001 08:44:12 -0700 (PDT)
Received: (qmail 19918 invoked by uid 510); 12 Sep 2001 15:43:02 -0000
Received: from n10.groups.yahoo.com (216.115.96.60) by 204.181.12.215 with SMTP; 12 Sep 2001 15:43:02 -0000
X-eGroups-Return: sentto-279987-1771-1000309364-fc=all.net@returns.onelist.com
Received: from [10.1.4.53] by ej.egroups.com with NNFMP; 12 Sep 2001 15:42:45 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_3_2_1); 12 Sep 2001 15:42:43 -0000
Received: (qmail 91792 invoked from network); 12 Sep 2001 15:41:04 -0000
Received: from unknown (10.1.10.142) by l7.egroups.com with QMQP; 12 Sep 2001 15:41:04 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 12 Sep 2001 15:41:04 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id HAA00778 for iwar@onelist.com; Wed, 12 Sep 2001 07:19:03 -0700
Message-Id: <200109121419.HAA00778@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 12 Sep 2001 07:19:03 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Hacker-Forces-Some-Banks-to-Cancel-Visa-Debit-Cards]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Hacker Forces Some Banks to Cancel Visa Debit Cards 
Dan Verton, ComputerWorld, 9/12/2001
<a href="http://www.antionline.com/showthread.php?threadid=110272">http://www.antionline.com/showthread.php?threadid=110272>

SEVERAL BANKS in the Washington area have been forced to cancel and
reissue thousands of Visa debit cards after a hacker allegedly
intercepted a file containing purchase data from a local online
merchant. 
First Virginia Banks Inc. in Falls Church, Va., last week began
notifying 500 of its customers that their card numbers and expiration
dates, phone numbers and addresses had been compromised. Likewise,
Atlanta-based SunTrust Banks Inc., which has branch offices in northern
Virginia, Washington and Maryland, began monitoring several customer
accounts that may have been compromised. 
This comes two weeks after Washington-based Riggs Bank sent letters to
3,000 of its customers informing them that a local online merchant's
customer database containing their Visa debit card numbers had been
hacked and compromised. Officials at First Virginia, Riggs, Visa
International Inc. and the FBI declined to name the retail operation
where the data originated. 
All the payment data belonged to customers who had made purchases from
an online merchant in the Washington area. However, Visa declined to say
whether the data was taken directly from a system belonging to the
merchant or from one of the many companies that process electronic
payments between online retailers and Visa. 
Visa characterized the incident as "a potential compromise of cardholder
data stored on a third party's computer." 
First Virginia has "no way of knowing which merchant it is that had
their database hacked," said Rick Bowman, the bank's chief financial
officer. "Visa does not disclose that information." 
A Riggs official, who spoke on condition of anonymity, said, "It would
not be fair to identify the merchant" because the matter is still under
investigation by the FBI and the incident could have been the result of
security holes at one of several third-party companies that process Visa
transactions. To date, there is no evidence of fraud stemming from the
incident, the official said. 
News of the incident comes as Foster City, Calif.-based Visa is
unveiling incentives for online retailers to adopt its Visa
Authenticated Payment system. Announced Sept. 4, the payment system is
designed to help those merchants conduct real-time verification of the
identities of Internet shoppers. 
Mike Yakel, vice president of Visa USA's e-Visa division, said all
online payment transactions go through "an acquirer," or third-party
payment vendor, that submits the purchase from the merchant to the Visa
system over the Internet. There are 50 to 100 companies nationwide that
provide payment services. 
"Because the Internet is an open network, there is far more potential
that the data could be accessed by somebody," said Yakel. 
Starting next year, a new Visa policy will require online merchants to
offer encryption protection to cardholders during their online
purchases. Any electronic merchant participating in the Verified by Visa
program satisfies this requirement (see chart). 
Yakel said banks that issue cards and sponsor payment vendors to become
part of the Verified by Visa initiative also assume liability and have a
responsibility to prevent security breaches from occurring. 
(C) 2001 Computerworld. All Rights Reserved

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Secure all your Web servers now: Get your FREE Guide and learn to: DEPLOY THE LATEST ENCRYPTION,
DELIVER TRANSPARENT PROTECTION, and More!
http://us.click.yahoo.com/k0k.gC/nT7CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:41 PDT