[ale] OT: Security code on Credit/Debit cards

scott boss scott at sboss.net
Mon Feb 22 17:07:25 EST 2010


Now lots of this is changing with PCI and other regulations.   FTP has been
changed to sftp or FTP over an encrypted channel.

With PCI all people with credit card data (names, accounts, pin/cvv, etc)
has to encrypt the data at rest (sitting on disk, tape. Etc) and has to log
everyone that accesses it.

Now that a given large company/bank/credit card processor has a file open
against them doesn't mean anything.  I would bet that anyone of these has a
file for investigation open at any given time.

Let's say amazon has a file open.  Well there might have been some fraud and
the obvious common point is they all bought stuff from amazon.  Hey who
hasn't?  Now as they investigate the fraud case they fond out that all
shopped at walmart.com.  Or used some other common service.  Now amazon had
a file open against then but it was nothing in this example.

I am not implying anything with any of these companies.  They were just used
as an example.

Now for some direct knowledge of mine.  I have been using paypal's virtual
credit cards to purchase stuff online for many many years with ZERO issues.
 And using paypal as paypal forever.  Again with ZeRO issues.  And I use I
daily if not more often.  Now I am not going to say that you won't have
issues.  I just haven't.

Good luck

Sent from my mobile...

On Feb 22, 2010, at 16:50, Jim Kinney <jim.kinney at gmail.com> wrote:



On Mon, Feb 22, 2010 at 4:32 PM, Scott Castaline <skotchman at gmail.com>wrote:

>
> After hanging up I started thinking about building a cement bunker and
> put all my money there. No banks, no plastic.
>
> Within the past 3 years I have seen check authorization processes and
nightly uploads to the Federal Reserve Bank occur using absolutely no form
of encryption at all. >From the check reader at the store to the receiving
end is nothing but a modem and a phone line and a fairly well documented
data packing process. The upload to the Fed use(s/d) plain ftp.

Banks routinely use plain ftp to bulk transfer account data over commercial
Internet connections between branches.

I was appalled. When I found it was common practice I completely floored.

-- 
-- 
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness

_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20100222/6f0b538a/attachment-0001.html 


More information about the Ale mailing list