OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: [Dataloss] (update) eBay forum mysteriously leaks account details on 1, 200 users

From: Avery Sawaba (avery.sawabagmail.com)
Date: Wed Sep 26 2007 - 13:06:11 CDT


CVV is definitely used online, or anywhere a merchant wants to reduce
risk (and therefore the rate they are charged by their processor). The
security code concept is supposed to be a greater guarantee that the
person using a card has it in their physical possession, since the
only place you are supposed to be able to find it is physically
printed on the back of the card. Its purpose is very similar to that
of a PIN number.

The only time security codes are requested (or should be requested) is
right before a transaction is processed. The codes are validated in
real time.

--Sawaba

On 9/26/07, Cory Gould <corygouldgmail.com> wrote:
> Why would ebay have credit cards to begin with, unless paypal was breeched
> and the ebay discussion group used to spread the word. Also, correct me if
> I'm wrong but I don't believe paypal/ebay requests CVV2 information when
> signing up anyway. In fact, the only time I'm required to give out that
> information is when using a credit card over the phone, never online.
>
> On 9/26/07, Avery Sawaba <avery.sawabagmail.com> wrote:
> >
> > On 9/26/07, Arsen Shirokov <1and1canadaballoons.com> wrote:
> > > The fact that the data was posted on eBay forum doesn't necessarily
> > > mean it was stolen from eBay.
> >
> > Hence my disclaimer, "If this information is accurate". The fact that
> > CVV2 data is included may help disprove their claim, as it is highly
> > unlikely that someone like Ebay would be foolish enough to do so.
> >
> > --Sawaba
> > _______________________________________________
> > Dataloss Mailing List (datalossattrition.org)
> > http://attrition.org/dataloss
> >
> > Tenable Network Security offers data leakage and compliance monitoring
> > solutions for large and small networks. Scan your network and monitor your
> > traffic to find the data needing protection before it leaks out!
> > http://www.tenablesecurity.com/products/compliance.shtml
> >
>
>
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml