For organizations that are not categorized as Level 1 merchants, you need to attest to being in compliance with PCI DSS by completing and submitting the appropriate SAQ and quarterly scan results. Doing ONLY this does not mean you are PCI DSS compliant. It means that you did what was expected of you (at this time) to attest that you are in compliance.
KEN
Dear friends of openairboston.net,
Last week marked the 40th anniversary of the first test of the technology that would become the Internet. The engineers working back then could never have imagined the incredible impact that their work would have on our present day world. Internet access has shaped both my career and my personal life. I ask you to take a moment and reflect on the Internet's value to you.
Know that, even in Boston, one of the most innovative cities in America, Internet access is simply unaffordable for the majority of low-income residents and this lack of access has profound and lasting effects. The students in our Boston Public Schools, who without home computers resort to typing assignments on their cell phones, become the job seekers, who without Internet access, cannot complete job applications for even the most unskilled jobs. Without Internet access, these residents rarely find the opportunities to develop the skills they need to succeed in today's workplace.
openairboston.net is a non-profit organization working to erase this inequality and help ALL our residents thrive in an increasingly online world. We bring free Internet connectivity, training and low-cost computers to residents currently left at the sidelines of our connected world. Through our efforts, we have brought an open-source community wireless network in the Fenway and Mission Hill neighborhoods and aim to expand our work to other much-in-need communities. We bring not only connection but also the education necessary to create self-sustaining support and training programs that allow neighbors to help neighbors and foster true community ownership of these networks.
The word is getting out and our momentum is building. From features in both the Boston Globe Magazine and Mass High Tech to our recognition by the IRS as a 501(c)(3) tax-exempt organization, openairboston has both a local and national mandate to expand our work to all the many communities still in need.
Everyone deserves the same opportunity to succeed, to have the access to the technological skills and resources so necessary in today's world. We are working to make this equality a reality and ask for your help in our efforts. Think what it means to you to be connected and consider making a donation to our work. Please consider making a contribution to openairboston with your time as a volunteer to help build our network or train residents, with your connections by forwarding this email to those who may want to join our cause, or with your financial assistance. All donations are welcomed at our website and we encourage you to follow our progress on Facebook and Twitter.
I hope you will join us. The future of Boston lies before us - let's connect.
This picture is of the commotion near the MGH red line station on Wednesday night after the tunnel fire caused the shutdown of the MBTA red and orange lines.
Kenneth M. Smith
CISSP CISA GCIH
& Privacy Consulting
Phone: 978-595-1536 (1KEN)
www.Exultium.com Twitter @ken5m1th
I know you get a better exchange rate and all that, but the fact that you ask your customers to write this down on your form means that when it arrives at your location you are now "storing" it, and this is a NO NO. It's intended to confirm card-not-present electronic transactions and the customer themselves should be typing this in. You are putting yourself and your customers at risk by asking for this and storing it.
Not long ago I read this story, "Teller allegedly stole thousands from customers at Peabody bank". I brushed it off at the time. "Jeffrey C. Gautreaux, 25, of Peabody, was indicted in federal court on 17 counts of bank fraud, one count of access device fraud, and two counts of aggravated identity theft for a scheme executed from about July 2005 to June 2006, Acting US Attorney Michael K. Loucks said in a statement." -Source Boston Globe
Just recently I was going through and shredding some older statements and realized that around the time that these crimes allegedly took place, I was the victim of fraud on my Bank of America card. This wasn't a card that I normally used. It had a small balance on it and was rarely used. I remember that the only real 'activity' was that I went to the Bank of America branch (mentioned in the article) and I made a payment with a teller as I didn't want my payment to be late. Then the fun began.
It started with missing a statement. When I spoke with their fraud department I was literally interrogated by multiple people on the phone. They were convinced that I was not the owner of the card and were treating me with great suspicion, and finally I found out why. The address on the account, they informed me, was an address in the Bronx. According to Bank of America my account mailing address was changed. It just so happens it was days after I made my payment in person at this branch. Yeah, the "change-the-account-mailing-address, wait-for-the-convenience-checks-to-arrive, then-go-spend-those-on-something-expensive scam". The part that didn't make sense is that even if someone were to obtain the account number and expiration date, this isn't enough for them to make an account change like that. Their fraud department insisted that I must have given the information necessary to change the address to someone. This information includes the account number, SSN, birth date, phone number and a few other things that are typical for card accounts.
Here's the thing. No one in this world knows the answers to some of the security questions except for me. I can't get into why I know this, but I do.
A typical card company fraud department will tell you very little about the possible source of the fraud, other than talking about the fraudulent transaction amounts and merchants. Oh, and they will ask you repeatedly if you have ever been to the city in which the fraudulent transactions took place. I was even asked, "Are you sure you haven't lived at that address?". Ugh. I hate when people don't believe me. I did everything that you should do when you have to deal with a situation like this. Note to Bank of America: Telling your customers to "just sign an affidavit and you're all set" is NOT enough. There is much more to do than that, even if you have only suffered card fraud and not true identity theft. After all was said and done I was still left with a feeling that something was very fishy about this.
Once I saw the article I didn't immediately connect the dots, but I came around. Although none of this is concrete, it makes perfect sense that I was a victim of this alleged ex-employee's little scheme. It's over with but what stays with me is the way Bank of America's fraud department made me feel like the guilty party and that this was all my fault somehow. Bank of America, I had a hunch it was you.