First of all I
must to say that this action is not Hack and is not Publishing secure account
information of bank cards. Card number (PAN) printed on card surface plus hided
4 digits PIN1 inside of a 14 digits random number published here .It can not to
have any danger for accounts. Just card holders are able to recognize their card
number and PIN. So my weblog is just to warn card holders. I am warning them
that their accounts are in danger. Card
numbers must be used with expiration date and CVV2 plus PIN2 for cardless
transactions in our country. And physical card have track 2 information that is
not in my weblog.
I was Software
Manager at E. company. E. was PSP (Payment Service Provider ) of more
than 8 different banks. Not only we had not HSM device. But also Switch Development
Company did not exclude PIN information from log files. Card holders secure
information were accessible to many peoples for more than 3 years. Our security problem had great danger to card
holder accounts. I tried to solve problem by forcing our managers to buy HSM
device and to force second company for excluding PIN data. When I noticed they
did not want to solve problem. I left the E. I sent 1000 card information
to different bank CEOs anonymously. And warned them there is a great security problem
in our banking system. I did not receive a reasonable response. They reported
me to police too. Then I went to IT deputy of R. Bank and explained all
problems. IT manager and his deputy were venal. Finally
I left the country and begun to warn card holders by my weblog. This story
happened in about one year.
I was a manger that decided to solve one great
problem in our banking system. This is not Hack. I did not break any law. Any
card holder have right to know what kind of danger is threating him. This is a
philanthropy action.
I need to International helps from Human
Right Defender’s organizations. Our government wants to catch me.
From your point of view what is the name of
my action!?
(HSM “Hardware Security Module” is for managing keys and encrypting and decrypting of PIN)