
British tabloid-type "spoofing" threatens your credit card information

(9/2/2011) ERATE Exclusive - The same Caller ID "spoofing" that allowed British tabloid reporters to hack into voicemail systems can allow other dirty tricksters to easily gain access to a chunk of your credit card information.

Once spoofers gain that initial information they can use it to leverage more crucial private information from you and commit full-fledged identity theft.

According to an investigation by Consumer World founder Edgar Dworsky, a Boston consumer advocate, credit card holders carrying cards from Chase or Bank of America are most vulnerable.

That's because the banks use a flimsy security system to verify your identity when you call in to their 24-hour-a-day automated account information telephone systems.

When you call, your phone number is revealed to the system (unless you have it blocked. Friends and colleagues wonder why I block mine. Duh). If the phone number matches the phone number on your account, some banks' security systems go into stupid mode, limiting security checks to asking only for the last four digits of your credit card number and your ZIP code.

Once into the system, you know the drill: "Press 1 to hear your credit limit," "Press 2 to check your outstanding balance," and so on, for your outstanding balance, recent payment history, an itemized list of recent charges, etc.

Anyone who can "spoof" your number and has those last four digits and your ZIP code may be able to obtain the same account information.

It is a federal crime, punishable by a fine of up to $10,000, to spoof or transmit misleading or inaccurate caller identity information with the intent to defraud, cause harm, or wrongfully obtain anything of value.

But spoofing is a piece of cake, even for novice hackers. Google it. Those last four digits on your credit card? They are on all those sales receipts you carelessly toss aside instead of shredding. Getting your ZIP code is like taking candy from a baby.

"The trouble with this system is that hackers, crooks, suspicious spouses, or nosy neighbors can access your credit card information using the same method the reporters from that British tabloid used to break into subjects' voicemail accounts," explained Dworsky.

"This is far more serious, however, since consumers' financial information and privacy are at risk," he added.

Dworsky tested his own credit cards to determine which banks short-circuited their own security. He found Capital One, CitiBank, and American Express required entire card numbers to be entered. Chase and some cards issued by the Bank of America only required the last four digits of the card number. Chase also required the cardholder's ZIP code, but Bank of America didn't always ask.

Further investigating, Dworsky spoofed friends' and a New York Times reporter's phones, with their permission, and learned much about their credit habits.

In Chase's system, Dworsky had options to hear how much credit lines were used and still available, the amount of the last bill, when the bill was paid and for how much, as well as recent purchase dates, amounts, and purposes. Dworsky said the Bank of America system sometimes revealed the specific names of merchants where the card was used.

With so much specific information, a thief could masquerade as a bank employee, call the cardholder, and attempt to cajole the cardholder out of their entire account number, security code and other information and then wreak identity theft havoc.

"It would be so simple for Chase and Bank of America to immediately require full account numbers when Visa and MasterCard cardholders access their system, and that would help thwart all but the most conniving of hackers. Requiring a password would further enhance security too," Dworsky said.

Dworsky said U.S. cell phone customers are similarly vulnerable. Call your voicemail from your cell phone and in many cases you don't need a password because the system sees your number -- or your number's been spoofed, as was the case in the British tabloid scandal.

When Dworsky, journalists and others contacted credit card issuers and banks, response was tepid.



