Last week, ConsumerWorld.org claimed that anyone could access credit card account info for Chase and Bank of America customers armed only with the customer’s phone number and the final four digits of their credit card. That’s certainly alarming, so MSNBC tested it out.
MSNBC’s Herb Weisbaum talked to ConsumerWorld’s Edgar Dworsky about the alleged loophole and got permission from Dworsky to try it with his information.
I was able to get into the database for Dworsky’s Chase and Bank of America credit card accounts. The automated system gave me his credit lines and how much credit was still available on the card, the amount of the last bill and when it was paid, plus information about dozens of recent transactions: the date, the amount and what was purchased….
This isn’t enough information to allow a crook to order a new credit card or get a cash advance. But an identity thief can use the information to build credibility with potential victims.
Here’s BofA’s response:
Our objective is to balance customers’ need for convenience and quick access to general information with industry best protection of their accounts… In addition to at least two levels of authentication required to access very limited information over our automated system, we have additional security controls in place to detect potential abuse of our automated systems. We understand that there will always be individuals who are trying to beat the system, and we’re constantly looking at measures to better protect and service our customers.
And now Chase:
Chase takes data protection extremely seriously and we have numerous fraud-detection tools in place to best protect our customers. We are always engaged in research and development for new anti-fraud and data-protection technologies and we are an established leader in data security.
“It’s so easy to close this loophole,” says Dworsky. “They just need to require anyone who calls their information line to put in the full 16-digit credit card number.”
Technique Used by UK Tabloid to Hack Voicemail
Can Expose Credit Card Info Too! [ConsumerWorld.org]