Breach Exposes 19,000 Active US, UK Credit Cards 232
pnorth writes "A defunct payment gateway has exposed as many as 19,000 credit card numbers of US and UK consumers in a major worldwide breach. The data, held in Google cache, includes credit card numbers, CVVs, expiry dates, names and addresses. The credit card numbers are for accounts held with Visa, Mastercard, American Express, Solo, Switch, Delta and Maestro/Cirrus. Within the address bars of the cached pages are URLs of e-commerce sites that have become victims of the breach. They include clothing, science, health, sports and photo imaging stores. The cause appears to be a known issue with the Google search engine, in which the pages of defunct web sites containing sensitive directories remain cached and available to anyone."
Cashless Society (Score:5, Interesting)
It's gonna be interesting when we finally move to a cashless society. Things like this will be unforgivable in such a society. That is, we will have to have solved this problem, by and large, of card theft and purchase fraud.
I know that the card companies have been working on a method of reducing fraud by doing something like linking your card to your phone and texting you for verification when they detect suspicious activity. Or perhaps requiring you to send your picture back to them or something as a verification.
The person who can create a secondary verification system like that will make a lot of money by solving the great problem that is card-fraud.
Re:Cashless Society (Score:5, Insightful)
Cashless society gives control to others. OK cash is under the control of others, but not so much or in the same way.
People will not give up their cash without a fight, particularly in the current circumstances (not that anyone ever trusted banks, private companies or government).
I for one sincerely hope we never have a cashless society.
Re:Cashless Society (Score:4, Insightful)
People will not give up their cash without a fight,
Oh I don't know. I think it's pretty much down to culture that one.
I see people putting their credit cards behind the bar and drinking to the limit. Seems especially common for young professional women.
Japan on the other hand, is all cash only. And else where in Asia, it's cool that you can order computer hardware, plane tickets etc, and it turns up at your door, THEN you hand over the cash.
Cash on delivery seems quite alien to me now, having grown up in the UK with credit cards for everything. Yet what can be a more secure way of paying online, than not paying online at all.
Re: (Score:2)
>>>Japan on the other hand, is all cash only. And else where in Asia, it's cool that you can order computer hardware, plane tickets etc, and it turns up at your door, THEN you hand over the cash.
>>>
It sounds like Japan is the place for me. I don't trust banks or stores enough to get a debit card, since I feel it's just like cash but more vulnerable. With a debit card a person simply needs to steal the number and empty-out your savings. I already had that happen once where a person on th
Re: (Score:3, Insightful)
Perhaps you should think about organising your money a little differently. I have 3 accounts: Savings, Dumping account (where my pay cheque gets "dumped" into) and my spending account. I pay rent and bills from my dumping account when I get paid. I then put some into my savings account and then pay myself what I need for the month into my spending account. The only debit card I use is for my spending account, ensuring that if anyone manages to commit fraud on that card, the maximum I lose is 1 month plus wh
Re: (Score:2)
>>>The only debit card I use is for my spending account,
Why would I choose the more-complicated solution of managing 3 different accounts when I can choose the simple solution of not getting a debit card? Your solution makes no sense. Like driving from Philadelphia to Pittsburgh by taking a detour to Miami.
I'd rather just stay with credit cards, that way when someone steals, they don't steal from my account - they steal from VISA's account.
Re: (Score:2)
Er...it's not a solution to the debit card problem, it's a solution to organising my money in a way that I never have to worry about spending what I don't have and gives me peace of mind. The side effect is that I can use a debit card and also not worry about being robbed blind.
The reason for using debit over credit is that you don't put your credit at risk. Forgetting a credit card bill can damage your credit rating, even if it's just with your bank. For many people (and not just plain old irresponsible on
Re: (Score:3, Informative)
The loss didn't come from VISA's wallet either, it is the merchant that got stiffed. Credit card companies are completely unaccountable, despite charging through the nose for their services. It's right there in the contract everybody has to sign to deal with them...
Re: (Score:2)
Japan is moving towards cashless pretty fast these days.
Aside from credit cards now being widely accepted (with no surcharges like there often used to be), there are various touchless payment systems in use (and they are mostly compatible).
For example, I have a Suica card which I can load up with money. I can then pay for train, subway, bus and some taxi rides with it, and many convenience stores now accept it too. Around train stations, even some larger shops and restaurants accept it now. You don't even n
Re: (Score:3, Interesting)
Here in China, not only is cash on delivery very common, but also the option of debit card on delivery. Last time I ordered a wireless NIC, it was carried to my door by a postman with a frickin' mobile debit card reader. I swept the card through the reader, checked the sums, entered my password and it was done.
Debit cards are much safer -- you'll always need to enter the password to draw money from your account.
Re: (Score:2)
*That* is the main problem: trust and security, which turns out to be *respect* (a strong word for Japanese and other Asiatic cultures, and a weak word for "western"). Here in "western", we think in respect as up to the "is it legal?" level, while more advanced societies goes beyond that level.
Re: (Score:2)
Perhaps we should revive the word "honor". At one time damaging an American's honor meant opening yourself to being murdered by duel. If you impugn my reputation or honor, your life may be forfeit. I nominate AIG executives for that. AIG versus the People in single-shot combat.
Re: (Score:2)
Not sure I missed some sarcasm, but I think there is a truth in your comment :-) If someone lacks respect to others, they should be accountable for that. I mean, it should suffer severe consequences instead of getting huge bonuses ;-)
Re: (Score:2)
That's a little oversimplified don't you think? The basis for Western society is the rule of law. While it does have some downsides it has a lot of upsides too. I wouldn't call Western society "less advanced". It's just different.
Re: (Score:2)
Well, the U.N. and some Russian dude recently called for a global currency, if such a thing were to happen it would likely become cashless. I'm not sure how many people realize that the vast majority of wealth is not in paper form, nor could it be.
I remember hearing about a particular African country that had already gone cashless, that tourists basically changed money in for an ATM card at the airport, but couldn't find any references to it, just something about Nigeria moving towards a cashless society: h [africanews.com]
Re: (Score:2, Funny)
I'm not sure how many people realize that the vast majority of wealth is not in paper form, nor could it be.
Yeah, it's in the imaginations of people who buy financial instruments like stocks and bonds.
Re: (Score:2)
Stocks and bonds have value. Each piece is a portion of the value of a company, or government. Other forms of wealth include:
- your land
- your house, your car, your furniture, your electronics and other toys (depreciating with age)
- oil, corn, wheat, soybeans, cattle, et cetera
- gold, silver, and other metals
Re: (Score:2)
Sounds like a "gold standard" argument.... The best standard of all is: absolutely anything. You can use gold, lead, or bananas if you want. And people do -- it's called a futures market.
Basing all of your wealth on bananas might sound silly, but there are doubtlessly people who have made millions doing just that. Fruit, gold, and "trust"
Re: (Score:2)
People will not give up their cash without a fight? Just like people won't give up their rights without a fight, hey?
We've already taken a giant leap towards a cashless society, with two inventions that we all love: the internet, and mobile phones.
When I sit down and actually look at the majority of my transactions, they're already occurring electronically, via the internet. Amazon, eBay, electronic banking, booking airline tickets, booking concert tickets, supermarket shopping. That's all cashless. I would
Re: (Score:2)
Not to mention Drugs hookers and blackjack (or whatever that damn meme is :)
Re: (Score:2)
The last two are nebulous, but the first is obvious. *You own your body.* Anyone with an IQ of 90 or higher can understand that argument, and if you own your body you also own the things it can do, like use your brain to form an opinion. Or open your mouth and express that opinion (the right to speak).
Oh....and don't give me the argument that speech is limited. If you're on somebody else's property, and you start shouting, they can certainly force you to leave, but they can't stop you from speaking. Yo
Re: (Score:2)
The last two are nebulous, but the first is obvious. *You own your body.*
Living people's genes can and have been patented, so that's not as obvious as it seems.
Re: (Score:2)
Re: (Score:2)
What about small transactions? Do you pay for a loaf of bread with cash? What about two drinks in a bar? A cheap train ticket? A taxi? Entry fee for a nightclub?
Those are the only things I use cash for (in the UK).
Re: (Score:2)
> People will not give up their cash without a fight
We gave up our gold and silver for paper.
"...But after all, it is the leaders of a country who determine the policy, and it's always a simple matter to drag people along whether it is a democracy or a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be brought to the bidding of the leaders. This is easy. All you have to do is tell them they are being attacked, and denounce the pacifists for l
Re:Cashless Society (Score:5, Funny)
Re: (Score:2)
I'm pretty tired, and believe it or not, I misread "cashless" as "cacheless" anyway...
Re: (Score:2)
That was a joke! (Score:2)
Seriously though, caches are good. Worrying about credit card numbers being cached is as bad as promoting security through obscurity. We should be moving to a system that doesn't rely on "secret numbers," but instead makes use of multiple factors from the time-tested triumvirate of "something you have," "something you know," and "something you are." Something you know alone just isn't good enough for this day and age.
Google is just doing what Google does.
Re: (Score:2)
Re: (Score:2)
That would be nice.
How many times have we read passionate arguments that "nobody should be in prison for non-violent crimes!"
Remember this story the next time you see those stupid posts modded +5 insightful.
Re: (Score:2)
>>>"nobody should be in prison for non-violent crimes!"
That should be - Nobody should be in prison for victimless crimes. Like smoking marijuana, or driving too fast. But someone who engages in non-violent crimes like theft, should definitely be held accountable, since they have victimized someone & infringed upon another's rights (right of property).
Re: (Score:2)
He should certainly not go to jail. That is simply not justice at all. He is directly responsible for several deaths. He contributes nothing, while at the same time ruining people's lives, not to mention ending them. He should be tortured to death. Over a period of about 10 years.
Re: (Score:2)
Hey!! I have a great Idea for that secondary verification system!
The credit card companies just need to give the credit card holders little, colourful, pieces of paper with currency amounts printed on them. When someone makes a monetary transaction with the credit card, they also have to hand over the right amount of those pieces of paper!
Ehhhhh.... Waitaminute .....
Re: (Score:3, Interesting)
Nope. A real cashless society is going to require stronger means of authentication for financial transactions (like public-key cryptography to sign billing statement, etc).
Currently, credit cards are absolutely insecure.
Re: (Score:2)
Nope. A real cashless society is going to require stronger means of authentication for financial transactions (like public-key cryptography to sign billing statement, etc).
Currently, credit cards are absolutely insecure.
Something like EMV [wikipedia.org] brings a lot of benefits. See Chip+Pin [wikipedia.org] for the UK implementation.
When paying by card in the UK (and a lot of other countries), you must provide a PIN number. A thief can't use a stolen card in a shop or an ATM (they don't know the PIN). They might be able to use it on the internet, but when paying online my bank has a system that redirects me to the bank's site, authenticates me, then confirms the transaction to the retailer.
Thieves can (and do) copy the card number and produce fake cards
Re: (Score:2)
One thing that concerns me about chip and pin is if a criminal does manage to get your pin (e.g. through a hidden camera or just plain old shoulder surfing) then his authentications are indistiguishable from yours.
So if the bank were to accuse you of lying when you reported such a fradulant transaction would have no evidence otherwise.
Re: (Score:2)
sorry that last sentance should have been
So if the bank were to accuse you of lying when you reported such a fradulant transaction there would be no evidence to show otherwise.
Re: (Score:2)
I am cashless already, you insensitive clod!
Re: (Score:2)
They will propose the chip as the solution.
Re: (Score:2)
It's gonna be interesting when we finally move to a cashless society. Things like this will be unforgivable in such a society. That is, we will have to have solved this problem, by and large, of card theft and purchase fraud.
Perhaps the solution will be similar to that in the (underrated) world of Max Headroom, where credit fraud is punishable by televised public execution. And if you like American Idle (sic.), you're going to love "You, the Jury."
Shoot the messenger! (Score:5, Insightful)
It's not a problem with the idiot sites that let unprotected critical information out on a public accessible net and in addition omitted to place a well placed robots.txt, no...
IT'S GOOGLE'S FAULT!!!
Re:Shoot the messenger! (Score:5, Funny)
Google should take SOME blame.
I held a robots.txt poster up at my window and google streetmap still photographed it.
Re: (Score:2)
Re: (Score:2)
I don't think that the streetview camera car is actually a robot, so of course that wouldn't work.
Re: (Score:2)
didn't you understand?
The robots.txt is not designed for security, but it will stop google from placing content into it's cache where clueless admins are unable to purge it themselves after they finally discover have been hacked.
er what (Score:5, Insightful)
How is putting all your customer's credit card information online so it is publicly available, and crawlable, Google's fault? What is the known issue? People are stupid?
Re: (Score:2)
Re: (Score:3, Interesting)
For my website, I share a server with a bunch of other sites. I was poking around /tmp one day and came across dumps of credit card information. I forget the website, but apparently they thought /tmp, with global read permissions, was a safe place to generate HTML after a transaction. I reported it to the hosting service and the offending website fixed their scripts.
Luckily, credit cards have strong protections, so you aren't responsible for any fraud charges due to these leaks. Just check the charges every
Whirlpool thread (Score:3, Informative)
This was first mentioned on Whirlpool, I was reading the thread. It appears to be deleted now however:
http://forums.whirlpool.net.au/forum-alert.cfm?a=priv-deleted&t=1165021&v=0 [whirlpool.net.au]
Re:Whirlpool thread (Score:4, Interesting)
Ironically, the Whirlpool page is still available in the google cache [74.125.95.132] of the thread.
What I want to know is why the CVV numbers [nasa.gov] were there and for what merchants, as they are not supposed to be cached according to the Payment Application Data Security Standard (PA-DSS) [visa.com].
Who are the lucky ones? (Score:4, Insightful)
Re: (Score:3, Funny)
Re: (Score:2)
But google for it WITH quotes, or you get an heart attack when you see the "Results 1 - 10 of about 2,000,000" that get's returned when you Google without quotes.
Re: (Score:3, Funny)
Fool me seven times, shame on you. Fool me eight or more times, shame on me.
I hardly think there's an issue with Google. (Score:5, Insightful)
> The cause appears to be a known issue with the Google search engine
More like the usual issue with idiots who fail to adequately protect, secure and dispose of this sort of data in the first place. "Sensitive directories" have absolutely no business ever being readable from the web.
Company executives and IT administrators who allow this sort of security breach need to start doing hard jail time. Until this happens we'll be reading more and more of these stories by the week.
Re:I hardly think there's an issue with Google. (Score:5, Interesting)
Re: (Score:2)
From what I can see the unprotected directory is a *deliberate* setup by perpetrators who compromised a number of merchant sites.
The compromised servers send the CC transaction details to the unprotected site (now suspended by the registrar) for easy retrieval by the perps.
The security breach obviously happened on the individual merchant sites, the leaking unprotected directories on the hackers' drop box is just a symptom.
Somebody check if all merchant sites use a common web shop application?
Misplacing blame on google (Score:5, Insightful)
From both the article and the summary re:
The cause appears to be a known issue with the Google search engine, in which the pages of defunct web sites containing sensitive directories remain cached and available to anyone
This makes it sound like the issue is with google's search engine and makes light of the real issue which is that at some point this information was published for all the world to see (or search engines to index) and anyone to cache (or write-down, or memorize).
Insisting on search engines removing removing this information from their indexes and remove it from their caches is just sweeping the problem under the rug : you or I taking a quick peek on the internet to see if our credit-card infomation has been published anywhere would get a false sense of security if the search engines pretended it wasn't there and that security breaches had never happened.
*tin-foil-hat-time* It seems analogous to re-writing history books to cover up prior misdeeds.
Exactly (Score:2)
Internet Finance (Score:4, Interesting)
The only time I "buy" anything on the Internet is when or if the company has a 1-800 number so that I can place an order over the phone. Same with banking, which I do over the phone or at an ATM that I know. It's too easy for things to go wrong over the Internet, and too many incompetents that are running businesses (on the Internet).
Re:Internet Finance (Score:5, Interesting)
Yes, but more frequently the sales people on the end of the phone are using the same web-based system as is on the internet. I even went into an electrical store the other day and the customer service chap went onto a website to check stock.
Just because you're not buying over the internet, doesn't mean there isn't a computer system somewhere storing details you didn't expect in a place you didn't expect...
Re: (Score:2)
See here [bbc.co.uk]
Call centres are manned by people, who can write down anything you say.
Re:Internet Finance (Score:5, Insightful)
But much easier for someone to simply make a copy of the details. I find that my credit card info is treated much more carelessly during card present transactions. Credit card is printed on a bill. Where does the business owner keep their copy? Who all can see it? I've even had my card number written on the top of my order. In some of the places I've done tech support I've seen sheets laying around with credit card numbers. It's nice to know that even the janitor can steal my credit card info.
Also larger retail stores feed your numbers into "complex automated software". Think TG max who was a huge source of stolen credit cards and guess what? As of last summer they still hadn't bothered to secure anything.
I make a ton of transactions online and only once have I had fraudulent transactions on my credit card. That once was the local pizza place
Re: (Score:2)
Re: (Score:2)
Yes, because buying things over the phone or in store [computerworld.com] will never [thebostonchannel.com] result in a breach [istockanalyst.com].
Oh, wait...
Those three stood out in my mind since we were affected by all of them. There are others, I'm sure. In the first two cases, our credit card information was compromised despite the fact that we shopped in-store and not online. In the third case, our information was compromised at the processor level, so it really didn't matter where we shopped. Face it, no matter where you shop, your information is in the hands
Can some American please explain to me... (Score:5, Insightful)
...why anyone would use a payment system, with no safety at all?
What I mean, is that to pay with credit cards, from what I know, you only need the data that is written right on the card. And maybe sign the payment, like you sign any contract...
Is that really how it works? Because if yes, then why in the word does anyone even consider using something like that?
I'd rather go back to bartering goods, than something like that.
When I do payments, I either do it with a bag of fixed-value credits. Like real cash in a wallet, or digital cash in a digital wallet (what we in Germany call "Geldkarte"). (Both can be filled/loaded like you fill your wallet, and when it's empty, it is empty. Additionally both are detached from the bank account. Unlike a credit card.)
Or I do it with a secure system that needs what I have, what I know, and who I am. Like a cash card. Or secure online banking with a keycard. (Both use a keyfile, that you decrypt by entering a code into a secured device with its own keyboard [and display], to create a secure channel, to transmit payment instructions, that only result in payment, if the server allows payment for that account at that moment.)
Or is it, because you have not much of a choice?
Please do not see this as a rant (it isn't one), because I really am interested in understanding this.
Re: (Score:2)
What I mean, is that to pay with credit cards, from what I know, you only need the data that is written right on the card.
No - in order to actually get paid, the merchant must also wait a few weeks in case the customer disputes the charge (and issues a chargeback).
Hence, the person using the credit card doesn't bear much risk, but the merchant that accepts them does (if he delivers goods and services, gets "paid" by credit card, and the charge gets disputed, he's out the money and the goods and possibly ge
Re:Can some American please explain to me... (Score:5, Informative)
In the UK at least, your transactions are guaranteed by the credit card company. So it's often actually recommended that you purchase things online with a credit card, because if you get ripped off, the goods are defective, or the merchant goes bankrupt etc, the card company has to refund you. This is enshrined in law under the Consumer Credit Act. On the other hand, if you pay with a debit card or other direct payment, your money is gone.
Re:Can some American please explain to me... (Score:4, Informative)
I'm not American - and I wonder about the op's premise as I thought most countries had moved (or were moving) to PIN-numbers rather than signatures to verify in-store transactions.
Regardless, credit cards are very safe for Europeans because of the extra protection they provide to consumers.
In Ireland as well as the UK - and most other European countries - there is a version of the Consumer Credit Act. It treats all purchases on the card as, unsurprisingly, a type of credit agreement. This is a very powerful and pro-Consumer thing, providing lots of protection for any who cares to look into it, e.g. chargeback.
True, a lot of these 'safeties' was introduced in an attempt to make the cards more secure - don't forget the premise of credit cards has been around for many, many decades and, during that time, the type of fraud perpetrated against credit card users has become more and more complex.
It's also well documented that Germans (culturally/in general) have an aversion to credit cards for a number of reasons; from 'all credit is borrowing - and borrowing is bad' (note the low rate of borrowing in Germany) to a series of pre-existing methods of paying for goods and services easily at a distance (e.g. in Germany, there is the long standing inter-bank transfer system; very cheap and secure to use inside the borders of Germany but, until very recently, was astronomically expensive for anyone in another country to transfer money to).
So why do I use a credit card? A large number of international traders accept credit cards, doesn't cost me any extra and I get points on my Sony card for every purchase I make. I am not liable for any fraud/misuse of my card. I suspect it's the same for Americans and most people who use credit card. Having the advantage of being European, I also have a lot of legally enforceable extra protections that I'm not sure Americans have in the Consumer Credit Act.
I also do use bank transfers to pay for stuff. Usually only to Germany because Germany is one country where their banks are pretty secure. And only in recent years - because, thanks to an EU Directive, the astronomical cost of transferring money across borders to another member state of the Eurozone has plummeted (note: UK not member of Eurozone, so a UK consumer could still face high charges).
I also have the protections of the Distance Selling Regulations when buying from Germany, but I would never transfer money via bank account outside of Europe.
As for 'reloadable' cards, for me they are slightly more expensive and don't offer me any incentive or attractiveness to use, and are not universally accepted.
Debit cards don't seem to be standarised internationally - or even across the EU - so are not really viable as a payment method.
Re: (Score:2)
Re: (Score:2)
Not by law.. a debit card has no more protection than a cheque.
The bank *may* choose to reimburse you for such thing, but you're far safer using a credit card.
Re: (Score:2)
"Not by law.. a debit card has no more protection than a cheque."
Which is probably more than you think. For one, a bank can't just hand your money away to someone for a fraudulent debit card transaction or a faked cheque. If you wish to argue that you didn't authorise a transaction then they have to be able to prove otherwise if they want to avoid giving you your money back.
You can't fiddle the system because say your card was used without your permission to buy a flatscreen TV online, the bank could contac
Re: (Score:2)
Debit cards are protected too. I've had my card details stolen and used, and I got my money back. I've had bad (non-existent) service from a few companies, and the bank has given me my money back. In no case has my money just been "gone". I don't have a credit card at all, and I've never lost money from an online transaction. Less FUD please.
It's not FUD.
Under the consumer credit act, when credit is extended for a purchase by a consumer, (for at least 100GBP) the credit company becomes jointly and severally
Re: (Score:2)
Your money is gone until you call the bank and they replace the funds pending an investigation. If you have $1000 in a checking account and someone fraudulently charges $1000 to that account's debit card, of course you can dispute the charge and likely get your money back. Your balance, however, is $0 *until* the bank replaces the money. E.g. if you had auto bill-pay run the same day for $200 and didn't see the $1000 fraudulent charge until the next day or received an overdraft notice, you'd overdraft by $2
Re: (Score:2)
Re: (Score:3, Informative)
In America, if your card is used fraudulently you are only liable (by Federal law) for the first $50 and even that is waived by all of the major credit card companies. Debit cards have no such protection enshrined in Federal law. Many banks have started to offer similar protections on their debit cards, but you would be dealing with bank policy as opposed to Federal law.
Re: (Score:2)
I'm not American, but I can explain the idea to you.
Every decision that introduces a system or process of some sort (doesn't have to be a computerised one, just a system or process) inevitably means that you make a compromise between risk and benefit.
If nobody ever exchanged goods, the risk of losing goods in dishonest transactions or from being mugged would be much lower. However, we'd all be living in caves gathering berries and hunting animals.
Along comes bartering and suddenly those who have an unusual
Re: (Score:2)
For about a year now, I have signed (where requested) the credit card transactions with fake signatures (something that looks like a sig, but isn't mine). No-one cares enough, as I haven't been caught at it even once.
Money still gets withdrawn from my account, though.
Re: (Score:2)
p.s. That's in Denmark.
Re: (Score:2)
Re: (Score:2)
Nobody checks signatures.. that's why many countries went to pin entry.
Of course pins are just as bad..
1. If someone gets your pin they can reproduce it 100% accurately every time, unlike a signature. Since a pin is only 4 characters it's trivial to remember.
2. Many transactions don't use the pin - the local supermarket auto checkout doesn't require a pin, only the card. Also all the cities car parks are the same.
3. When you're paying for something how do you know they aren't skimming the card (90% of sho
Re: (Score:2)
We're liable - by federal law - for a maximum of $50 if our cards get misused. So it's not a terribly big deal in that sense.
More troubling are the difficulties you have to go through to undo identity theft, but that has little to do with the credit card payment system you're referring to.
the answer is simple (Score:2)
the cost of setting up a new system is higher than the cost of paying for all of exploits
for the companies that is. for the individuals, your credit is destroyed, you have to spend hours cleaning up the mess, etc.
unfortunately, not enough have been victimized to make much of a ruckus. nor have the exploits been of the scale (yet) that really cost the providers dearly
but that day will come. then we will get a more secure payment system
the consumer is ignorant. the providers are content. and the tsunami is ov
Re: (Score:2)
That's really how it works.
From the consumer perspective:
If my card is stolen, my maximum liability is $50 or less. It's usually $0. It's annoying to have your card stolen and put a stop on everything, but it's a
It's Google's fault (Score:3, Insightful)
And the Watergate was Washington Post's fault!
known issue in Google (Score:3, Insightful)
What the FUCK?
There is a "defunct web site containing sensitive directories" that exposed secret information to the public for anyone to see, and now it's Google's fault that it cached that information?
Newsflash: Security that relies on "nobody knows this URL" is NOT SECURITY.
Re: (Score:2)
Not only that, but for Google to index it, Google had to know it was there! That means that either someone manually added that URL to Google, or it was linked from somewhere at some point.
Google isn't magic, and it isn't the source of the problem.
whirlpool discussion threat (Score:5, Funny)
ITNews links to a discussion threat at whirlpool.net.au which has been deleted because it is "handeled by the authorities".
And again it is a known issue of Google which reveals the deleted thread: http://209.85.229.132/search?q=cache:uf9L_DtjAzYJ:forums.whirlpool.net.au/forum-replies-archive.cfm/1165021.html+http://forums.whirlpool.net.au/forum-replies.cfm%3Ft%3D1165021&cd=1&hl=en&ct=clnk [209.85.229.132]
- Martin ;-)
Comment removed (Score:4, Interesting)
Problem with google? (Score:3, Insightful)
Isn't it more a problem with websites that allow a spider to read what should be a secure directory?
19,000 Active US, UK Credit Card Consumers (Score:2)
Other banks or the people data mining you.
Paying a credit card consumer breach 'fine' every so often is still cheaper than the real expense of on going consumer security.
If congress looks, any credit card company can swear they have the best security in place..
A line of top university security experts and other independent experts would tell of how the company to company transactions are secure..
Just not for you as a c
CC #'s in Google Search Cache? (Score:3, Insightful)
Just out of curiosity, how was Google's Crawler allowed to FIND the information in the first place to put it in the cache?
You don't suppose that maybe the problem is in the ORIGINAL server allowing too much access, do you?
Google just "remembers" your mistake for a LONG time.
Re:PCI DSS (Score:4, Insightful)
What, now Google is meant not to index pages which have card data on them? How exactly is that even possible?
You can bet your boots that Google Checkout is PCI DSS-compliant.
Re: (Score:2)
Re:PCI DSS (Score:4, Insightful)
Oops, you just killed a valid webpage:
http://www.merriampark.com/anatomycc.htm [merriampark.com]
*grumble* trigger-happy regexp jockeys *grumble*
Re: (Score:2, Interesting)
Ok, by your logic all I have to do to make slashdot fail compliance is post my credit card details.
No: 5434 6625 8876 1272
CVV: 854
Exp 09/12
So how would slashdot know if that post contains valid card info or not?
Or even better, I could email this information to my competetor, then ring them and point out that they have failed compliance, as they have unsecured card information stored on their systems.
Re: (Score:2)
Cheers for the Phenom 2 :)
Re: (Score:2)
Damn you, sir! You win this round...
Re: (Score:2)
2. I'm sorry you missed the subtle reference to the inevitable litigation surrounding issues like this.