Credit Cards, BreachCenter, T-Mobile, Oh My...

2009-06-09 by Lyger Dl-capone

It appears that Capital One has announced a new program for helping non-profit organizations to raise funds (see picture). According to the plan, all rewards earned on these cards, including one percent of net purchases and an additional $25 with the first purchase, go directly to support the affiliated nonprofit organization. As a 501(c)(3), OSF is wondering if anyone might be interested in obtaining a DataLossDB Capital One card to make donating easier (and to help the economy!). We're also accepting other ideas for card designs, such as "CHECK ID" on the front (thanks, Sullo!). Please contact us if this idea interests you or if you have any suggestions.

Also, we would like to announce that BreachCenter.com is now online. Intersections Inc. has partnered with Financial Services Roundtable and ITAC, the Identity Theft Assistance Center, to provide this service, and OSF is contributing information on recent data breaches to the site. BreachCenter.com also features news and opinions from the ITAC blog. Please check them out when you can.

Lastly, T-Mobile has been in the news recently regarding an apparent data breach, which may or may not have involved its customers' personal information. According to USA Today, "The document 'copied' by the hacker Pwnmobile did not get into his hands via a hack, the company says. Information in the document is legitimate T-Mobile data, but is not customer information. Investigators can't yet say for certain how Pwnmobile got his mitts on a copy of the document." So while details are still sketchy, we're following the story and will post information to the DataLoss Mail List as it becomes available.

More news to follow later in the week!


COMMENTS

by Anonymous on 2009-06-09 (9 months ago)

Last time I read agreements merchants are not to check for IDs. Are we assuming no one can forge one? How about "please do not accept if not signed" printed in bold on the front?

by Lyger [Data Loss Maven] on 2009-06-09 (9 months ago)

Anonymous: If you lose a signed credit card, chances are I (or someone I know of your gender) could forge that signature much more easily than you could "forge" a photo ID. For what it's worth, I haven't signed a credit or debit card in ten years; not once was I refused service and only three times was I asked for ID. YMMV. If you have any aforementioned agreements in digital form, can you please email a copy to curators@datalossdb.org?

by Anonymous on 2009-06-10 (9 months ago)

I have 4 credit cards laid out before me. 3 of them say "NOT VALID UNLESS SIGNED." Discover is the only one that feels like giving the cardholder discretion in the matter, I guess.

But, as you intimate, it doesn't matter whether you sign it or not...the cashier isn't going to ask you for ID. And if a store implements a policy to check IDs on every card transaction, it opens itself up to greater liability for fraudulent charges.

And I vote for an OSVDB logo, because that's how I roll.

by Anonymous on 2009-06-13 (9 months ago)

We'll make two cards, both logos :)

New Comment

simple_captcha.jpg
(type the code from the image)


Back

Incidents:

Data Types:

Sectors:

Sources:

Breach Types:

Sponsored By: Credant_200x51 Tenable Pgp_logo Zecurion
Permission is granted to use this database in non-profit works and research. Use of the DataLossDB, and its exports, RSS feeds, reports, or other materials produced on this site by the Open Security Foundation for commercial interests requires authorization and licensing arrangements. For more information, please e-mail curators@datalossdb.org with a brief summary of how you would like to use this information; product, service, research, etc.
© 2005 - 2010, Open Security Foundation, All Rights Reserved.