 |
merchant911.org -- helping Merchants |
|
merchant911.org -- helping Merchants |
Even Some Banks are Careless --- Friday, May 30, 2008
According to ComputerWorld, Bank of New York Mellon Corp. transported an unencrypted computer tapes with 4.5 million client records and the tapes are lost.
Full story here...
http://www.merchant911.org/blog/index.php/2008/05/30/even-some-banks-are-careless/
Merchant911 Blog now available via Email --- Saturday, May 17, 2008
In addition to subscribing to the Merchant911 Blog via the newsfeed of your choice, you can now receive the individual blog posts via email.
Just click on the link below and enter the spam stopper letters on the web page. You'll receive confirming email which you'll need to reply to.
Subscribe to Merchant911 Blog by Email
Another Less-Than-Useless Service --- Thursday, May 15, 2008
Marketing a service under the name of “Verify-Me-Now,” the company known as Ifbyphone is offering to "SLASH credit card fraud" with a simple telephone call. There's a problem. They have no idea who their automated system is calling; it could be the real card holder or it could be a professional thief on a disposable cell phone. They do nothing to prevent credit card fraud.
Full story here...
SoftCard Vendor Exposing Card Numbers --- Monday, May 5, 2008
When a company that claims to be selling credit card security products does it with an insecure web form, I just have to wonder what they are really doing. SoftCard.biz just has me wondering.
I blogged about Softcard back in early March, but I'm going to do it again. Yes, it's THAT serious! The company uses PinPay - to process transactions and both companies are a part of ACAP Security, Inc.. Note that these folks use the word "security" in their corporate identity.
I reviewed their site for possible inclusion in our website's resource pages, but promptly rejected them. My main objection, and there were several, was that their insecure sign-up form - was requesting "Identity Card Numbers" and issue dates. "Identity cards" are selectable from a drop down menu and include such ID information as Passport, Driver's license, SSN, and Credit Card. The form also requires a full name and DOB. I tried using the HTTPS URL but it appears that they do not have a security certificate tied to their site.
I called their attention to the insecure web form in January. They still have the form up there, happily collecting this information with an insecure form.
I have to wonder how much information has already been sniffed or otherwise compromised. You probably don't want to fill out this form.