23 Aug 2011

Simple hack could endanger credit card holders

Lax security measures at Bank of America and Chase potentially put those banks' credit card holders at risk for identity theft.

Edgar Dworsky, founder of ConsumerWorld.org, recently discovered a simple hacking method to access the credit histories of Bank of America and Chase card holders. If these banks identify an incoming call as originating from a phone number associated with a credit card account, automated systems only require the caller to provide the last four digits of his or her card number to access account information.

Dworsky points out that the last four digits of card numbers are often printed on receipts. Once a hacker obtains these numbers, the attacker can use simple phone spoofing software to trick the banks' systems into thinking the incoming call originated from the account holder.

After successfully testing this hacking technique, an MSNBC reporter contacted Bank of America and Chase. Representatives from both banks said security safeguards on credit card accounts are adequate.

Fraudsters can use hacked credit card histories to pose as legitimate bank employees who can be given sensitive information over the phone, such as complete card numbers, MSNBC warns.

The telephone has recently become a weapon of choice for hackers. Earlier this summer, the Oregon Department of Justice issued a warning that scammers pretending to be computer security experts were phoning victims and convincing them to download malicious programs.