Journal damn_registrars's Journal: Insights Into the Fraudulent Use of My CheckCard 5
I previously wrote a journal entry about my Visa checkcard that was compromised and used to buy a bunch of shit that I don't need or want. Looking through the long list of shitty companies who this person made purchases through, I eventually found this page linking fraud to Nashbar purchases. Indeed I bought a few things from Nashbar back in March, and if memory serves me correct the last time this happened may have been close to a Nashbar purchase as well.
This may put me one step closer to finding the unscrupulous merchant that released my information. They certainly had my name, address, card number, card expiration date, and CVV; which is generally all you need to make a purchase.
This may put me one step closer to finding the unscrupulous merchant that released my information. They certainly had my name, address, card number, card expiration date, and CVV; which is generally all you need to make a purchase.
Since the number was compromised (Score:2)
Might as well punch it into google a few different ways and see what pops out. I think the worst that could happen is that Gthulhu learns you use credit ;)
That's why we need... (Score:1)
...a law with a warranty when it comes to computer security. Consumers need an indemnification policy with teeth. I don't mean "notification" I mean cash, wads of it. That's the only thing that is going to get computer security taken seriously.
This is also why I stopped giving out my SS except in legally required cases, which are dealing with the government and taxes/ employers and...that's about it. My bank has it. I have one account for decades now, and that's it. No other merchants, utilit
Unlikely they had the CVV/CVV2 (Score:1)
According to PCI DSS (http://www.pcisecuritystandards.org) you can't keep the CVV/CVV2/Pin Block data at all, ever, for any reason. If they have that, they are in violation and can lose their merchant account.
I do PCI security for a living. Let me know if I can assist you. scott {at} guppylog {dot} c o m
Re: (Score:2)
you can't keep the CVV/CVV2/Pin Block data at all, ever, for any reason
That I did not know. Though I am not a retailer so I don't have any particular obligation to know those regulations.
If they have that, they are in violation and can lose their merchant account.
I could be wrong but I suspect that I would need to demonstrate that indeed they kept it, which would likely be a very non-trivial feat for me to accomplish.
I can say that after talking to the merchants who billed by check card that most (likely all) of the transactions were done online. I just went through the order forms for two of them (without actually ordering or giving my own infor
Re: (Score:1)
Nope.
If you would like to see the standard yourself, you can get it Here: [pcisecuritystandards.org] https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml [pcisecuritystandards.org]
There is an agreement button, and then you get the PDF file. It's really not all that long, less than 100 pages.
What most merchants do (the smart ones) is get the processor to give them a hash value that they can use for subsequent transactions. That way, they don't have to store your data - the proce