GoFuckYourself.com - Adult Webmaster Forum

CCBill.com multiple vulnerabilities (https://gfy.com/showthread.php?t=982701)

Supz 10-15-2010 03:25 PM

Quote:

Originally Posted by closer (Post 17422331)
Any site can be hacked/cracked,

a financial/banking site should be held up to much higher security standards, as this could potentially give yet another HUGE blow to the adult industry as a whole, which is already at its weakest point to date, if this becomes a CNN item, we're not talking facebook here.

In the end, the only real opinion that should matter in such cases is how fast that hacked site fixes the backdoors.

It's good to read that CCBill is looking into it and hope they'll update us with any news.

They are held at a higher standard. CC processors have to be PCI (payment card industry) compliant. Which is a much higher standard beyond normal network security. Same thing with Banks, brokerage firms, hospitals. So on so forth.

signupdamnit 10-15-2010 03:38 PM

Quote:

Originally Posted by RonC (Post 17610294)
This report was a complete joke. This was just a variation of a Nigerian scam. We contacted the website and they responded via GMAIL if we would "Western Union" them 10k they would tell us what was wrong. LOL They create a fake security page and post stuff and hope companies will pay the blackmail money VIA WESTERN UNION (LOL)

But hey if it is on the Internet it MUST BE TRUE.

End of Story.


Ron C
_________
CEO

CCbill.com
Cavecreek.com

Interesting. I suppose we all should have researched this further before giving it credence.

I see where your team spoke about this months ago:

http://seclists.org/fulldisclosure/2010/Aug/193

Quote:

From: William Bell <williamb () cwie net>
Date: Tue, 17 Aug 2010 03:52:19 +0000

At CCBill we take web application security very seriously. I can assure you that no one in this organization received
any type of disclosure prior to the posting of the vulnerability to this list. It is very easy to reach our Information
Security team at security () ccbill com. We are working hard to identify the issue in
question and a post will be made here once it is resolved. I ask that the researcher from ariko-security.com please
contact us at the email provided.

William Bell
Director of Information Security
CCBill.com

_______________
I had never heard of these guys before but now I will research them and see if they have tried this in the past with others. If so I will make sure more people know about them.

SwirlsGirl 10-15-2010 09:05 PM

Quote:

Originally Posted by RonC (Post 17610294)
This report was a complete joke. This was just a variation of a Nigerian scam. We contacted the website and they responded via GMAIL if we would "Western Union" them 10k they would tell us what was wrong. LOL They create a fake security page and post stuff and hope companies will pay the blackmail money VIA WESTERN UNION (LOL)

But hey if it is on the Internet it MUST BE TRUE.

End of Story.


Ron C
_________
CEO

CCbill.com
Cavecreek.com

Hey Ron nice of you to stop in...also nice to meet you by the way. I also know some individuals that have recently been scammed.

There seems to be plenty of that going around these days. If I am not mistaken one of the scammers was of Nigerian origin. Another seems to be of American origin.

I wonder if you would mind posting the contact info or the Gmail email account so that some of us may give the Nigerian scammers a piece of our mind as well.

You say they created a "fake" security page and tried to extort 10k from you guys for a fix? Man that is pretty crass.

It is also very reassuring to know that all of my data as a client is secure and that you guys take data integrity so seriously.

After all what is really being sold here is confidence and a processing company's success is only as good as its clients' confidence in it of said "data integrity"

Please post the contact info for the scammers would love to communicate with them.

Also thanks for the "hey if it's on the internet it's true" comment, I am still chuckling uncontrollably from that one:)

epitome 10-15-2010 09:59 PM

Quote:

Originally Posted by SwirlsGirl (Post 17611975)
Hey Ron nice of you to stop in...also nice to meet you by the way. I also know some individuals that have recently been scammed.

There seems to be plenty of that going around these days. If I am not mistaken one of the scammers was of Nigerian origin. Another seems to be of American origin.

I wonder if you would mind posting the contact info or the Gmail email account so that some of us may give the Nigerian scammers a piece of our mind as well.

You say they created a "fake" security page and tried to extort 10k from you guys for a fix? Man that is pretty crass.

It is also very reassuring to know that all of my data as a client is secure and that you guys take data integrity so seriously.

After all what is really being sold here is confidence and a processing company's success is only as good as its clients' confidence in it of said "data integrity"

Please post the contact info for the scammers would love to communicate with them.

Also thanks for the "hey if it's on the internet it's true" comment, I am still chuckling uncontrollably from that one:)

Dear Britney,

I am writing today to let you know how awesome you are. Your music is great and it always picks me up when I am down. My cousin is a singer but she is not as good as you.

Remember that one time they asked you in an interview if you were a virgin and you said you were but it turns out you weren't? Well, that was pretty rude of them. Please give me the email address of that interviewer. I'd love to give them a piece of my mind.

Hey Britney, would you mind mailing me back with your concert dates? I'd love to see one of your shows.

Anyway, I feel some sort of closeness with you after writing this. I hope that you'll send me an autographed picture.

Fondly,
Your #1 Fan

plsureking 10-15-2010 11:47 PM

Quote:

Originally Posted by RonC (Post 17610294)
This report was a complete joke. End of Story.

there's too many eager hackers in Russia & China for this to not be a joke..

redwhiteandblue 10-16-2010 03:11 AM

Quote:

Originally Posted by Supz (Post 17611254)
They are held at a higher standard. CC processors have to be PCI (payment card industry) compliant. Which is a much higher standard beyond normal network security. Same thing with Banks, brokerage firms, hospitals. So on so forth.

:2 cents:

I worked for an e-commerce company that went through PCI compliance for all its servers and it is extremely thorough, and as I understand it anything that stores CC data has to be PCI compliant.

AdultKing 10-16-2010 04:49 AM

Reading this thread had me shaking my head.

Why would you give credence to a company issuing an advisory when they have an about us page like this

Doing a WHOIS on the domain reveals Polish contact details with a hotmail email address. Very professional.

Look at the credibility of the web site - it was registered in 2009 and is obviously, I mean so scammer obviously, bogus.


All times are GMT -7.
