by Broderick Perkins
DeadlineNews Group
(9/2/2011) Erate Exclusive - The same Caller ID "spoofing" that allowed
British tabloid reporters to hack into voicemail systems, can allow other
dirty tricksters to easily gain access to a chunk of your credit card
information.
Once spoofers gain that initial information they can use it to leverage
more crucial private information from you and commit full-fledged identity
theft.
According to an investigation by Consumer World founder Edgar Dworsky, a
Boston consumer advocate, credit card holders carrying cards from Chase or
Bank of America are most vulnerable.
That's because the banks use a flimsy security system to verify your identification when you call in to
their 24-hour-a-day automated account information telephone systems.
When you call, your phone number is revealed to the system (Unless you
have it blocked. Friends and colleague wonder why I block mine. Duh). If the phone number matches
the phone number on your account, some banks' security systems go into
stupid mode, limiting security checks to asking only for the last four
digits of your credit card number and your ZIP code.
Once into the system, you know the drill: "Press 1 to hear your credit
limit," "Press 2 to check your outstanding balance," and so on, for your
outstanding balance, recent payment history, an itemized list of recent
charges, etc.
Anyone who can "spoof" your number, has those last four digits and your
ZIP code, may be able to obtain the same account.
It is a federal crime, punishable by a fine of up to $10,000,
to spoof or transmit misleading or inaccurate caller identity information
with the intent to defraud, cause harm, or wrongfully obtain anything of
value.
But spoofing
is a piece of cake, for even novice hackers. Google it. Those last four
digits on your credit card? They are on all those sales receipts you
carelessly toss aside instead of shredding. Getting your ZIP code is like
taking candy from a baby.
"The trouble with this system is that hackers, crooks, suspicious spouses, or nosy neighbors can access
your credit card information using the same method the
reporters from that British tabloid used to break into subjects' voicemail
accounts," explained Dworsky.
"This is far more serious, however, since consumers' financial information and privacy are at
risk," he added.
Dworsky tested his own credit cards to determine which
banks short circuited their own security, he found Capital One, CitiBank,
and American Express required entire card numbers to be entered. Chase and
some cards issued by the Bank of America, only required the last four digits
of the card number. Chase also required the cardholder's zip code, but Bank
of America didn't always ask.
Further investigating, Dworsky spoofed friends' and a New York Times reporter's phones, with their
permission, and learned much about their credit habits.
In Chase's system, Dworsky had options to hear how much credit lines were
used and still available, the amount of the last bill, when the bill was
paid and for how much, as well as recent purchase dates, amounts, and
purposes. Dworsky said the Bank of America system sometimes revealed the
specific names of merchants where the card was used.
With so much specific information, a thief could masquerade as a bank
employee, call the cardholder, and attempt to cajole the cardholder out of
their entire account number, security code and other information and then
wreak identity theft havoc.
"It would be so simple for Chase and Bank of America to immediately
require full account numbers when Visa and MasterCard cardholders access
their system, and that would help thwart all but the most conniving of
hackers. Requiring a password would further enhance security too," Dworsky
said.
Dworsky said U.S. cell phone customers are similarly vulnerable. Call
your voicemail from your cell phone and in many cases you don't need a
password because the system sees your number -- or your number's been
spoofed, as was the case in the British tabloid scandal.
When Dworsky, journalists and others contacted credit card issuers and
banks, response was tepid.
Related Articles:
Credit
scores cloudy with a good chance of confusion
New
plastic doesn't have to melt down your credit score
Disclosure
laws protect consumers from more credit card debt
Site
to See: Federal Reserve's 'Credit Reports and Credit Scores'
Protecting Seniors From Fraud
|
