TELECOM Digest OnLine - Sorted: Re: Worst Phishing Fraud Attack Ever! 40 Million Cards Affected


Re: Worst Phishing Fraud Attack Ever! 40 Million Cards Affected


Robert Bonomi (bonomi@host122.r-bonomi.com)
Sun, 19 Jun 2005 02:23:22 -0000

In article <telecom24.276.3@telecom-digest.org>,
Steve Sobol <sjsobol@JustThe.net> wrote:

> Lisa Minter wrote:

>> "Hardly a week goes by without startling new examples of breaches of
>> sensitive personal data, reminding us how important it is to pass a
>> comprehensive identity theft prevention bill in Congress quickly,"
>> said Sen. Charles Schumer (news, bio, voting record), D-N.Y.

> Startling? I am not even surprised by junk like this anymore.

>> [TELECOM Digest Editor's Note: My thanks to Lisa for rounding up this
>> item. So what do we do now? Discontinue any/all shopping on the
>> web where Card Systems is the processor? What information _is_ safe
>> to give over the net any longer? Any at all? PAT]

> ???

> Who said anything about the Internet? This particular breach would
> affect much more than just Internet transactions. This is apparently a
> backend system that was breached. Non-Internet transactions could also
> have been exposed.

> And there's no way to avoid Card Systems, because we don't do business
> with them directly, and as far as I know, neither do the
> merchants. They deal with the card issuers.

Not exactly. Card systems is a payment clearinghouse. Merchants
submit transactions to a clearinghouse, who route things to the
correct card company, who route it to the issuing bank. A few "very
large" retailers (e.g. sears, walmart) may deal directly with the CC
companies, but it is unlikely. Some card issuers _also_ run a payment
clearinghouse, and thus short-cut the processing of their cards, when
processed through their clearinghouse.

The merchants that use Card Systems, know who they use to processes
card charges.

Customers of those merchants, however, have no way of telling, nor of
finding out, who the merchant uses to 'clear' the CC transactions.

Folks like Card Systems serve a similar purpose to "aggregators"
and/or "freight forwarders" in the shipping business. They provide
access to the high-volume channels, for those who don't have the
justification for 'direct' access to those channels.

[TELECOM Digest Editor's Note: And other than that one sort of skimpy
and guarded press release they gave out (and we printed here on
Saturday), they have had nothing more to say about it. PAT]

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: jared: "Re: New Free Database Has _Everyone_ Listed"
Go to Previous message: Steve Sobol: "Re: Worst Phishing Fraud Attack Ever! 40 Million Cards Affected"
TELECOM Digest: Home Page