Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Chase, Bank of America credit cards too hacker-friendly?

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 24 Aug 2011 02:55:48 -0500 (CDT)
http://www.komonews.com/news/consumer/128288593.html

By Herb Weisbaum
KOMO News
Aug 23, 2011
SEATTLE -- There's a warning for anyone with a credit card from two of the nation's largest banks. 

A security loophole could make your information vulnerable to criminals.
This has to do with those automated telephone account information systems all the banks have. They sure are convenient. At Chase and Bank of America, they could be a little too easy to use.
"I was shocked at how easy it was to get into the accounts of other people. I had their permission, so I didn't do anything illegal," said Edgar Dworsky, consumer advocate and founder of website ConsumerWorld.org. 

But he proved his point.
Here's the flaw he uncovered. When you call a bank's automated credit card account information system, the computer uses caller ID to compare the number you're calling from with the one on the account, usually your home phone. 

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/
Previous By Date Next
Previous By Thread Next

Current thread: