Security Flaw Affects Two Of The Largest U.S. Banks
BOSTON (CBS) – The back-to-school shopping season might mean that your credit cards are seeing some extra action. That could put you, the consumer, at extra risk.
No matter why you’re using your credit cards, Somerville-based consumer advocate Edgar Dworsky says your private information could become public, especially if your credit card comes from Bank of America or Chase Bank.
“All of a sudden your personal financial information is an open book,” Dworsky explains.
WBZ-TV’s Jim Armstrong reports
While watching this summer’s U.K. hacking scandal unfolded, Dworsky got to thinking.
“I said, ‘Gee, I wonder if credit card accounts are vulnerable also.’ That’s what gave me the idea to check it.”
What he found wasn’t good.
When you pay by credit card, your store receipt almost always prints with the last four digits of your card prominently displayed.
Most of us can be fairly careless with those receipts.
Dworsky realized that a thief can use any one of a number of internet-based phone-number spoofing services to call your bank from what appears to be your home phone number.
The bank’s automated system recognizes what it thinks is your number, and lets the thief access your account information, using just those last four digits as “proof” the person on the other end of the line is really you.
“I found that Chase and Bank of America only require the last four digits when you’re calling from your home telephone, and that’s the problem,” reports Dworsky.
“It’s going to be very difficult to protect yourself until the banks change the system.”
Some banks require you to punch in your complete, 16-digit account number when you call their automated service; Dworsky says those banks’ systems offer more protection for the consumer.
But, he adds, Bank of America and Chase are reluctant to switch to that format because they say their customers like the convenience of only having to put in the last four digits.