Posts by kapple999 7 publicly visible posts • joined 18 Jan 2010
When reviewing our Y2K Inventory we were looking for systems we didn't "need" anymore. We found one system which had run daily at lunchtime since 1971 which checked in case we had any pre-decimal LSD-denominated Invoices come in, to convert them to decimal. This was discovered in 1998 - 27 years later × 5 x 52 = 7,000 unnecessary executions.
RBS is reported as saying that all Customer Accounts are back to normal. They may well be from a monetary perspective, but the data still remains corrupt.
I now have on my Account 3 BACS credits, one for nearly £500, all with a generic description of “RBS TRANS 220612”, which fails to identify the Customer or the Invoice number.
As I have over 200 Customers who might have paid me last week, I can’t be sure which ones these represent.
Furthermore I now have a Direct Debit for over £220 with the same description “RBS TRANS 220612” even though it was raised on 25th June. I don’t know who has raised the Direct Debit, nor what for – I’ve never had a D/D for this amount before.
I presume some programmer somewhere has simply decided to apply a generic description when they’ve lost the original description – the Bank balance is presumably now correct, but it means I can’t reconcile my Ledgers.
Firstly we had Sony being not very re-assuring, saying "While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility ... to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained."
The next day we have Sony providing some reassurance, saying "The entire credit card table was encrypted and we have no evidence that credit card data was taken."
So on the one hand, why cause such consternation in the first place? On the other hand, there's no information regarding what strength of encryption was being used.
Certainly the face that personal data including passwords appear to have been held in the clear, rather than be subject to a one-way hash, suggests that Sony weren't exactly at the cutting edge of Security practices?
Now we have reports that hackers had a database that included customer names, addresses, usernames, passwords and as many as 2.2 million credit card numbers, and that the Sony hackers were hoping to sell the credit card list for upwards of $100,000.
As I already said as #19 on Ross's newsletter, I don’t think Ross’s experience dating back to June 2009 will recur, because since November 2009 you now have up to 13 months to query a transaction – no matter what MasterCard bylaws state.
http://www.moneymadeclear.fsa.gov.uk/products/credit_cards/credit_cards_getting_help.html
reproduced verbatim below :
“If there is an unauthorised transaction on your credit card account you should dispute it without undue delay (and no later than 13 months after the transaction).
It is for the bank, building society or credit card company to show that the transaction was made by you and there was no breakdown in procedures or technical difficulty.
If you’ve not authorised the payment then your credit card company must immediately refund you the transaction amount unless they have some evidence suggesting you may not be entitled to a refund because of the way you have acted. In these cases the credit card company must investigate the claim, but must do so as quickly as possible.”
Banks & Credit Card companies now have to keep all the data readily available for 13 months, just in case you make a claim a year later. They can’t claim they no longer have any records of the event. If they didn’t keep any records, then since they can’t prove their case - you win.
Sussex Accounts Recovery in St Leonards on Sea wrote to me in November accusing me of not having paid a months Tax/National Insurance for my Business - I had in fact paid. They invited me to phone them to discuss. The phone number quoted on the top of the letter is permanently engaged, and I mean permanently - I can never get it to ring, even out of hours.
Any attempt to find an alternative phone number via Google and local Governement websites only results in a British Telecomm intercept with "sorry that number is no longer in operation".
I phoned the HMRC Employer Helpline who admitted that they didn't have an alternative number for Sussex Recovery, and that they had had similar complaints, and that they "don't know what's going on down in St Leonards".
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
