NATS, some things just don't make sense to me?

[The Usual Suspect]

It's not much I actively post, but this does sound strange to me?

Are we looking at this the wrong way?

I'm not accusing anyone for anything, but I personally know about several programs who have complained about this for many months, and who also told NATS about it.
And NOT just two months like John is saying, I would say more like a year atleast, if not longer.
I also know a few companies that found out that the NATS admin user was active so much and contacted TMM about it,
they got it fixed, but on top of that they were then told to shut up about it as well???
But why weren't all the other NATS clients contacted about this, and why didn't they just fix it with one of their updates?
I'm sure TMM have done a lot of updates on NATS the last year or so. SO WHY DIDN'T THEY DO ANYTHING??

Even though if this had been a "hack" on their own servers, where the "hacker" were able to steal the master password to all NATS programs.
WHY wouldn't they clean this up 3, 6 or 12 months ago?, When the first customers made them aware of this admin user being so active etc.
I wonder if they had their own reason to let this be open for as long as they possible could?

I totally understand that the Programs/people who use NATS are watching over their own bread and butter, and want to defend NATS.
TheDoc and notoldschool I wouldn't listen much to when it comes to NATS. TheDoc has been with them since day one and probably have more interests in this then most of you.
Notoldschool sounds almost like John "talking", so it wouldn't surprise me if they are the same?
But that might just be me.....

TMM also say that no creditcard numbers get stored by NATS, well what is this then?
http://kb.getnats.com/idx/15/148/Bil...r_gateway.html

[notoldschool]

damn someone else trying to make a name. Ha ha.. First of all I dont know or never even met John. I doubt he would be stupid enough to sit on this board and argue with the likes of you in the manner that I have.

I personally think its the affiliate who will suffer from this the most. Considering most programs would make more money if the affiliate was out of the way I think most of the bozos on this board are their own worst enemy. Tmm's demise would not hurt me that much, I just dont like the entire industry taking a hit because some assholes like yourself want to have their own post so they think they are special or even liked.

[Tom_PM]

I think right now it'd be better to put a stop to the whole "kill the messenger" mentality that seems to have taken over.
But whatever, I dont use it anyway. What a clusterfuck.

[DamageX]

Quote:

Originally Posted by PR_Tom

What a clusterfuck.

You can say that again.

[Satan]

Nats does NOT store credit card info, the credit card info is stored at the billers backend, for instance we use ccbill and paycom they store all the CC info

[nico-t]

i know the times when i said something about nats a very long time ago on here - discussion was shaving and i said something in the likes of EVERY software can be modified to shave, so ofcourse also precious nats... almost the whole board reacted like nats was miraculously hack proof in weird aggressive cult-like attacks. Software that is completely hack proof? That would be the first in the whole world. Alot of retarded sheep throwing every logical reasoning overboard to defend something.... fucking retards

[Kimmykim]

Quote:

Originally Posted by Satan

Nats does NOT store credit card info, the credit card info is stored at the billers backend, for instance we use ccbill and paycom they store all the CC info

CCBill and Paycom are the merchant account owners for people that use their service, therefore the cc numbers, and technically ALL the subscriber data, belong to them. They are kind enough to share names, email addresses, etc with their sponsored merchant base, though once again technically, they don't have to do anything of the sort.

Just wanted to clear that up for you.

[jacked]

Quote:

Originally Posted by Satan

Nats does NOT store credit card info, the credit card info is stored at the billers backend, for instance we use ccbill and paycom they store all the CC info

but they do store the SSN of the affiliates, name, address, epassporte account, routing numbers for affiliates bank accounts for payouts.

so no it does not store credit card info but it does store other sensitive data.

[check]

I believe there is No 'hacker'.
I also believe most sponsor 'shave' after three year send traffics and 'watch', 'catch'.
I'm so sick when i saw some sponsor pay $60-150 per sale. I know what is it.

[The Usual Suspect]

Quote:

Originally Posted by Kimmykim

CCBill and Paycom are the merchant account owners for people that use their service, therefore the cc numbers, and technically ALL the subscriber data, belong to them. They are kind enough to share names, email addresses, etc with their sponsored merchant base, though once again technically, they don't have to do anything of the sort.

Just wanted to clear that up for you.

Thanks for the update on that, I thought it was a help section for using a merchant account?
I do have some experience with third party billers and know how that works with data and all signups which are sent through them.
But not with merchant accounts and affiliate software, that's why I was asking a question about it.

[The Usual Suspect]

Another thing which I already posted in a different thread is this:
----------
What I feel is a bit "strange", is a big player like TMM running paysites with an affiliate program on the side.
Just think about all the information they have had access to through all the other programs running NATS?
I'm then mainly thinking about webmaster info, like who are the big "whales" etc.
Running something big like that, it must be tempting sitting on all that information. Conflict of interest is maybe the right word?

Of course members emails is another thing, this have happend with several programs/third party billers before.
Think it was MaxCash that fired one of their employees for selling their members list. And who hasn't been offered big lists from third party billers?
----------

Quote:

Originally Posted by check

I believe there is No 'hacker'.
I also believe most sponsor 'shave' after three year send traffics and 'watch', 'catch'.
I'm so sick when i saw some sponsor pay $60-150 per sale. I know what is it.

Big payouts can be made because the programs get much more than a single join fee...There are also upsells, consoles, mailing addresses, x-sales, etc. Big payouts do not mean big shave.

Anyways, carry on with these threads everyone. It seems like the people looking for these issues have never looked in a NATS backend. There is no access to CC numbers in NATS.

[Kimmykim]

Quote:

Originally Posted by The Usual Suspect

Thanks for the update on that, I thought it was a help section for using a merchant account?
I do have some experience with third party billers and know how that works with data and all signups which are sent through them.
But not with merchant accounts and affiliate software, that's why I was asking a question about it.

I was definitely not addressing using NATS with a merchant account, just making it clear that Paycom/CCBill clients would not have the ability or option to see the cardholder data collected by the IPSP unless they chose to allow it.

The information available to a merchant account holder, from a subscriber data point of view, is entirely another animal.

As of late, and rightly enough, the card associations/processing banks are forcing merchants to either be PCI compliant or agree to have their data held by a PCI compliant gateway service, such as Netbilling, in writing.

[NETbilling]

Quote:

Originally Posted by Kimmykim

I was definitely not addressing using NATS with a merchant account, just making it clear that Paycom/CCBill clients would not have the ability or option to see the cardholder data collected by the IPSP unless they chose to allow it.

The information available to a merchant account holder, from a subscriber data point of view, is entirely another animal.

As of late, and rightly enough, the card associations/processing banks are forcing merchants to either be PCI compliant or agree to have their data held by a PCI compliant gateway service, such as Netbilling, in writing.

Thank you for pointing that out Kimmy and you are right, we go through yearly compliance as well as daily scans. There is no need for any merchants to store credit card data.

Mitch

[SmokeyTheBear]

Quote:

Originally Posted by Satan

Nats does NOT store credit card info, the credit card info is stored at the billers backend, for instance we use ccbill and paycom they store all the CC info

despite this a hacker using an admin nats pass could obtain lots of cc info

[AlienQ - BANNED FOR LIFE]

The rumor that CC data was taken oughtah be squelched.

It's been misleading. Alot of bone heads, and even the mainstream news at this point got it wrong.
Not good.

[AlienQ - BANNED FOR LIFE]

How is that possible Smokey when the IPSP holds that infoirmation?

[Paul Markham]

Quote:

Originally Posted by PR_Tom

I think right now it'd be better to put a stop to the whole "kill the messenger" mentality that seems to have taken over.
But whatever, I dont use it anyway. What a clusterfuck.

When you don't like the message and can't answer it, the best method is to ridicule the messenger. It's been used for centuries as a method to divert attention away from the real issue.

For instance look at all the good points made in The Usual Suspect's post and the focus is on CC numbers. No focus on the fact that this problem was brought up a long time ago, denied, ignored and even threats of C&Ds being sent to people who had found the problem. Go see Milan from OC3 post on the subject.

Then there was the easethe hacker was found, IP addresses, login times identified and the fact the hacker was using a TMM admin password. Seems TMM with the warnings could not find the problem. Incompetent or deliberate?

John Albright stated that "at risk clients" were previously warned. Have we seen any?

However as you said a lot of people would rather the these questions were not asked and that we all forget about it. Watch for those attacking me and not answering the real questions.

[Paul Markham]

The flaming of some people has a positive side.

Some are asking questions that need answering and the TMM supporters are bouncing the threads and many views are made. Some will just go with the flow and think TMM were just unlucky and not anything else. Many will read and see the lack of real answers, the side tracking of the issue, like CC info, the flaming for asking the wrong questions. They will have the intelligence to draw their own conclusions. So keep bouncing the threads.

Those with the ability to see will get the message.

[RomaCash]

as mentioned 100 times above.
and 101 again
- NATS is a GATE between biller,customer and service provider. It doen't store/save any CC details.

[SmokeyTheBear]

Quote:

Originally Posted by RomaCash

as mentioned 100 times above.
and 101 again
- NATS is a GATE between biller,customer and service provider. It doen't store/save any CC details.

and as mentioned several times , DESPITE the fact nats doesnt actually hold cc info , It is certainly possible this breach may have led to cc info being stolen.

The only way to RULE this out would be a security audit done by nats for each of the sponsors

( although even this would only rule out that there is no longer any cc info being stolen not that it couldnt have been )