Jump to content

fillmorecontainer

Members
  • Posts

    2
  • Joined

  • Last visited

Contact Methods

  • Website URL
    http://www.fillmorecontainer.com

Profile Information

  • Gender
    Not Telling
  • Location
    Lancaster, PA
  • Interests
    helping customers succeed

Recent Profile Visitors

118 profile views

fillmorecontainer's Achievements

Newbie

Newbie (1/14)

11

Reputation

  1. Hi Mannie, All of our TruScent Fragrances are phthalate free, except: Warm Caramel Vanilla Mayan Gold Love Spell Lemon & Lavender Sweet Orange and Chili Pepper Hyacinth All contain DEP, which is a phthalate, but approved by the IFRA, who says it does not exhibit concerns that are raised by DBP or DEHP. Hope this is helpful! Fillmore Container
  2. To all those following the current credit card fraud debacle, This is Keith Reinhart from Fillmore. First - kudos to all of you who tirelessly participate in this forum and share your wealth of knowledge. After several days of phone calls with our web host, merchant processor, network administrator and e-commerce security consultant, it may be your combined effort on CraftServer that leads to discovery of the recent security breach and credit card theft by common denominator or process of elimination. I am still awaiting definitive answers from our experts, but I wanted to share with you what I know so far: There has been no known breach of the PCI-DSS (Payment Card Industry Data Security Standard) compliant web servers hosting FillmoreContainer.com. Our checkout pages are GeoTrust certified with SSL encryption up to 256-bit. Payments are processed at time of invoice through Sage Payments, a virtual terminal extension of our Peachtree Quantum enterprise software. There has been no breach of Sage's gateway or virtual terminal, where all cc data are stored. No card data are stored on our local network. All network machines are double password-protected, have Symantec Endpoint Protection, and sit behind a WatchGuard firewall. Web site hosting facilities are monitored 24x7x365 (** details below). We have been processing with increasing security on our site for over 7 years with no indication of compromise or fraud, and with the recent hacks we will continue to improve our systems and security wherever possible. I have engaged Trustwave for a forensics investigation to see if we can shed any light on the source of the current leak (whether at Fillmore or elsewhere) and to help discover any potential weaknesses in our systems and processes. The continued proliferation and poor detectability of trojan horse programs like Zeus won't allow me to (nor should anyone else) claim with 100% certainty that we (or they) were not the source of this cyber attack; so I'll say I'm 99% certain that Fillmore Container was not the source, and I'll spend the majority of the coming days pursuing the uncertain 1%. I'll continue to post as I learn more. If you have any hesitation in providing a payment card on our site, please paste your order into an email and call us with your card information. If you have questions or would like to further discuss the issue, please call me any time. Your business, your trust, and your peace of mind are not taken lightly and we will do whatever it takes to prove ourselves worthy of your continued support. Sincerely, Keith Reinhart President Fillmore Container, Inc. 866-FILL-JAR x102 ** For techies who care about the details, following is the simplified report given to me regarding the protection of our site and your sensitive information: Security - Secured perimeter access, Security cameras inside and outside of the building, and Honeywell Prowatch Proximity door access system in all entrance doors and into raised floor areas. This is all monitored 24x7x365 with alerts generated to the Windstream NOC. Firewalls – Firewall services are provided by a redundant active/passive firewall cluster consisting of 2 Cisco ASA5520 firewalls. Network Intrusion Prevention – Cisco AIP (Advanced Inspection and Prevention Security Services) modules are installed at the edge of the network. Working in conjunction with the redundant ASA cluster, the AIP modules perform IDS/IPS on all traffic flowing through the ASA devices. These devices provide accurate inline prevention technologies, multivector threat identification, unique network collaboration, and powerful management, event correlation, and support services. When combined, these elements provide a comprehensive inline prevention solution to detect and stop the broadest range of malicious traffic before business continuity is affected. Vulnerability Assessments – performs regular vulnerability assessments of networks, network equipment and hosted servers using variety of tools and technologies including Nessus and Microsoft Baseline Security Audit Tool and is PCI compliant. Weekly scans are performed by Control Scan.
×
×
  • Create New...