Capital Collect Services & eCoin.cc
 
 
 
 
 
 

Capital Collect Services - criminal negligence or inability to work?

First, briefly, the main point:
the Capital Collect Services payment server was probably hacked on November 17, 2006 (I write "probably" because it may have been earlier), and the attackers retained full access to it until April 24, 2007.

Note that I still do not know whether the vulnerability was found in the end, since over these almost 6 months they "found" more and more new holes REPEATEDLY.

What I recommend doing IMMEDIATELY: if you use their cards (Chexcard EBSG ATM Card), change your PIN. All the personal information that was stored on the server, and the PINs for the cards, have long been in the attackers' hands.

You can do this either from the site http://www.chexcard.com/ (this link is on the papers with the PIN that you received together with the card) or on the site of the issuer of these cards, http://www.ebsg.net/

At present there is an unsettled debt for transactions carried out about a month ago, which the owner of the company refuses to pay. The reasoning given is that I am to blame for everything myself, and that the explicit confirmation I received, from him personally and from his employee, of the legal origin of the money in these clients' accounts means nothing.

If you are interested in the full account of events, you can read it at this link (PDF) or at this one (HTML)

Capital Collect Services - criminal negligence or inability to work?

First of all,
around November 17, 2006 the Capital Services payment server was compromised and hackers had FULL access to this server until April 24, 2007.

I don't know if this vulnerability was fixed, since in the last 6 months they have found multiple security problems with the system.

At present I strongly recommend changing your PIN code immediately if you are using their card (Chexcard EBSG ATM Card). Hackers were able to get full access to ALL personal information (personal info, passwords, code card, ... etc.), including PIN codes, which was stored on the compromised server.

You can do it from the http://www.chexcard.com web site. You can find this link in the document which you got with your card. Or you can do it on the web site of the card issuer, http://www.ebsg.net

At present we have a dispute about an unsettled amount regarding transactions which were made about a month ago. Despite the fact that I personally received approval for those transactions from the company staff members and from the owner, they keep disputing the legality of those transactions and reject the obligation to honor them.

eCoin.cc: new songs about the old from CapitalCollect?

eCoin.cc - the new "face" of CapitalCollect???
Everything written below is solely my conjecture, but the coincidences are worrying.

From EBSG to CAPITAL COLLECT cardholders:

September 12, 2007, 16:55 PST

On Saturday, September 8, 2007 a tremendous amount of activity was observed on Capital Collect cardholders. We immediately investigated the incident. Over the next day, we concluded that the activity was isolated to Capital Collect cardholders only. We worked diligently to freeze all accounts involved. Over the last two days, we have been analyzing these activities. We have concluded that:

  1. Capital Collect had improperly, and without authority, maintained card numbers and PINs on their website.
  2. Capital Collect website(s), database(s) and/or email account(s), server(s), system(s) had been hacked.
  3. Intruder(s) were able to monitor, retrieve and assemble cardholder information including card numbers and PINs.
  4. 42 Capital Collect cardholders were recipients of illegitimate funds transferred from less than 100 other Capital Collect cardholders. These funds were subsequently withdrawn from various ATMs in Russia.
  5. The fraud was perpetrated using valid card numbers and PINs accumulated over the last 30 to 60 days.
  6. More than one individual was involved.

This was an isolated event, which was due to Capital Collect’s negligence. Please contact Capital Collect if you have experienced any losses.

The system is safe because PINs are generated in accordance with industry security standards in a Network Security Processor (NSP) that is not connected to the internet and stored in encrypted format only. The PINs are always communicated in encrypted format and are created systematically without human access.

We have no other prior systemic issues.
We apologize for any inconvenience you may have experienced and strive to provide the best of services.
