data has been compromised. in addition, based on our communications with financial institutions, they have also seen no indications that any pin data was compromised. so they didn't really say anything that wasn't true. why did that statement change today? is it possible they didn't know? or was it an attempt to hide the extent of the damage? >> what happens in these situations is you learn as you go. when they find out their point of sale systems had been compromised, they assumed it was what we call track data or track two data which come off the back of the magnetic strip. what we learned is the sophistication the hackers used at the point of sale systems, they started grabbing the devices, the information from the devices which is the debit card pins. as these response scenarios come out, they learn more and more. they're saying one thing and then next day they're changing the issue. they need to find the facts out