BreachExchange mailing list archives
Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation
From: "DAIL, WILLARD A" <ADAIL () sunocoinc com>
Date: Thu, 26 Feb 2009 11:31:55 -0500
An important distinction, I think is issuing bank vs. acquiring bank. Imagine the Visa interchange as a cloud in the middle of a page. To the right are the issuing banks. They carry all of the liability for fraud and their customers are the consumer, who uses the credit card. They make their money in interest and fees associated with the consumer's use of the card. To the left of the cloud is the acquiring bank. Their customers are merchants, who they sign up to accept credit cards. These banks make their money from transaction fees levied on the merchant. Sometimes, an entity can be both an issuer, an acquirer (or a gateway, service provider, or any number of functional designations), but not always. The breaches we're hearing about are on the acquiring or settlement side. The issuing banks don't usually participate in PCI DSS (unless they are issuing cards from a BIN range owned by another bank as part of a lease agreement) because they carry all of the liability. It is these banks that will sue the acquiring banks for the costs of fraud and reissuance. Sorry for the tangent, but context is always nice. Andy Dail, CIPP, CISSP, CPISM/A Information Compliance & Security Manager -----Original Message----- From: dataloss-bounces () datalossdb org [mailto:dataloss-bounces () datalossdb org] On Behalf Of *Hobbit* Sent: Thursday, February 26, 2009 8:42 AM To: dataloss () datalossdb org Subject: Re: [Dataloss] Unnamed Acquirer Processor Breach Timeline,some additional confirmation What seems likely to happen along with all this and future disclosures, is lots of legalese flung about geared toward the credit outfits weaseling out of the $50 maximum customer liability. If it hasn't happened already, I don't really follow the credit side of things. But you can bet your own bottom dollar that the "safety guarantee" I so often hear associated with plastic will be a thing of the past as the fraud picture gets worse. Maybe this will start to finally wean people *off* the damn things. _H* _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss This message and any files transmitted with it is intended solely for the designated recipient and may contain privileged, proprietary or otherwise private information. Unauthorized use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. If you have received it in error, please notify the sender immediately and delete the original and any attachments. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
Current thread:
- Unnamed Acquirer Processor Breach Timeline, some additional confirmation David Shettler (Feb 26)
- <Possible follow-ups>
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation *Hobbit* (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Clint P. Garrison (Feb 26)
- I 'know' the name of the new payment processor breach security curmudgeon (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Chris Walsh (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation Pia Sachs-Donerkiel (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline, some additional confirmation DAIL, WILLARD A (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline Tom Mahoney (Feb 26)
- Re: Unnamed Acquirer Processor Breach Timeline Urban, Michael (Feb 27)
- Re: Unnamed Acquirer Processor Breach Timeline Tom Mahoney (Feb 27)
- Re: Unnamed Acquirer Processor Breach Timeline Urban, Michael (Feb 27)
- Re: Unnamed Acquirer Processor Breach Timeline DAIL, WILLARD A (Feb 27)