[ISN] Chase, Bank of America credit cards too hacker-friendly?

From: InfoSec News <alerts_at_private>
Date: Wed, 24 Aug 2011 02:55:48 -0500 (CDT)
http://www.komonews.com/news/consumer/128288593.html

By Herb Weisbaum
KOMO News
Aug 23, 2011

SEATTLE -- There's a warning for anyone with a credit card from two of 
the nation's largest banks.

A security loophole could make your information vulnerable to criminals.

This has to do with those automated telephone account information 
systems all the banks have. They sure are convenient. At Chase and Bank 
of America, they could be a little too easy to use.

"I was shocked at how easy it was to get into the accounts of other 
people. I had their permission, so I didn't do anything illegal," said 
Edgar Dworsky, consumer advocate and founder of website 
ConsumerWorld.org.

But he proved his point.

Here's the flaw he uncovered. When you call a bank's automated credit 
card account information system, the computer uses caller ID to compare 
the number you're calling from with the one on the account, usually your 
home phone.

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/
Received on Wed Aug 24 2011 - 00:55:48 PDT

This archive was generated by hypermail 2.2.0 : Wed Aug 24 2011 - 00:51:13 PDT