Citibank Korea e-payment hack

[Dissent <Dissent () pogowasright org>]

http://news.mk.co.kr/newsReadEnglish.php?sc=30800005&cm=General&year=2007&no=83542&selFlag=sc&relatedcode=&wonNo=&sID=308

Personal data on the Citibank e-payment system, used for e-commerce, 
has been hacked, allowing illegal transactions on bank users' credit cards.

According to the banking industry, 20 credit cards issued by Citibank 
of Korea have been illegally settled from Feb. 1 to 6, worth 50 million won.

Citibank Korea has requested an investigation from the National 
Policy Agency's Cyber Terror Center after finding the company's 
e-payment system was hacked to garner dates on the customers' credit 
card information and passwords in order to make charges.

Hackers targeted under-300,000 won financial transactions of 
companies with weak e-payment security.

That method was used, as below-300,000 won financial transactions can 
be made by inserting basic personal information, such as credit card 
numbers and passwords without official certificates.

"Unlike other banks, Citibank has omitted the process of inserting 
the Card Validation Code (CVC) when executing e-payments, allowing 
the culprits to take illegal actions," said an official from the 
Financial Supervisory Service (FSS).

[...]

--
Main site: http://www.pogowasright.org
Main RSS feed: http://www.pogowasright.org/backend/pogowasright.rss
Breaches RSS feed: http://www.pogowasright.org/backend/breaches.rss  

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 148 million compromised records in 573 incidents over 7 years.