NEWwbztv-small wbz-am-small 985-small mytv38web2

Local

Security Flaw Affects Two Of The Largest U.S. Banks

By Jim Armstrong, WBZ-TV
View Comments
(Photo credits: Justin Sullivan SAUL LOEB/AFP/Getty Images)

(Photo credits: Justin Sullivan SAUL LOEB/AFP/Getty Images)

WBZ-TV's Jim Armstrong Jim Armstrong
Jim Armstrong is an Emmy-award winning reporter who joined WBZ-TV in...
Read More

Get Breaking News First

Receive News, Politics, and Entertainment Headlines Each Morning.
Sign Up

BOSTON (CBS) – The back-to-school shopping season might mean that your credit cards are seeing some extra action. That could put you, the consumer, at extra risk.

No matter why you’re using your credit cards, Somerville-based consumer advocate Edgar Dworsky says your private information could become public, especially if your credit card comes from Bank of America or Chase Bank.

“All of a sudden your personal financial information is an open book,” Dworsky explains.

WBZ-TV’s Jim Armstrong reports

While watching this summer’s U.K. hacking scandal unfolded, Dworsky got to thinking.

“I said, ‘Gee, I wonder if credit card accounts are vulnerable also.’ That’s what gave me the idea to check it.”

What he found wasn’t good.

When you pay by credit card, your store receipt almost always prints with the last four digits of your card prominently displayed.

Most of us can be fairly careless with those receipts.

Dworsky realized that a thief can use any one of a number of internet-based phone-number spoofing services to call your bank from what appears to be your home phone number.

The bank’s automated system recognizes what it thinks is your number, and lets the thief access your account information, using just those last four digits as “proof” the person on the other end of the line is really you.

“I found that Chase and Bank of America only require the last four digits when you’re calling from your home telephone, and that’s the problem,” reports Dworsky.

“It’s going to be very difficult to protect yourself until the banks change the system.”

Some banks require you to punch in your complete, 16-digit account number when you call their automated service; Dworsky says those banks’ systems offer more protection for the consumer.

But, he adds, Bank of America and Chase are reluctant to switch to that format because they say their customers like the convenience of only having to put in the last four digits.

View Comments
blog comments powered by Disqus