[ale] OT: Security code on Credit/Debit cards

Tim Watts timtw at earthlink.net
Mon Feb 22 18:28:21 EST 2010


When I worked at a certain Bank of Something my team was seriously
alarmed when we found our personal records in the test database -- SSNs
PINs and all. We were even more alarmed when we were told it "wasn't a
problem" because even though it was a copy of the production data, it
was 6 months old, so no worries. BTW, the test database has no audit
controls so there was no trail of who accessed what record when.
Pleasant dreams everybody.

I guess what's really amazing is that the level of fraud isn't orders of
magnitude higher than it is given the enormous potential for unskilled
fraud.


On Mon, 2010-02-22 at 16:50 -0500, Jim Kinney wrote:
> 
> 
> On Mon, Feb 22, 2010 at 4:32 PM, Scott Castaline <skotchman at gmail.com>
> wrote:
>         
>         After hanging up I started thinking about building a cement
>         bunker and
>         put all my money there. No banks, no plastic.
>         
>         
>         
> Within the past 3 years I have seen check authorization processes and
> nightly uploads to the Federal Reserve Bank occur using absolutely no
> form of encryption at all. >From the check reader at the store to the
> receiving end is nothing but a modem and a phone line and a fairly
> well documented data packing process. The upload to the Fed use(s/d)
> plain ftp.
> 
> Banks routinely use plain ftp to bulk transfer account data over
> commercial Internet connections between branches.
> 
> I was appalled. When I found it was common practice I completely
> floored.
> 
> 
> -- 
> -- 
> James P. Kinney III
> Actively in pursuit of Life, Liberty and Happiness         
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo


________
You can no more win a war than you can win an earthquake.
-- Jeannette Rankin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20100222/c72469a4/attachment.bin 


More information about the Ale mailing list