[Dataloss] Citibank Korea e-payment hack
Dissent
Dissent at pogowasright.org
Thu Feb 15 12:20:51 EST 2007
http://news.mk.co.kr/newsReadEnglish.php?sc=30800005&cm=General&year=2007&no=83542&selFlag=sc&relatedcode=&wonNo=&sID=308
Personal data on the Citibank e-payment system, used for e-commerce,
has been hacked, allowing illegal transactions on bank users' credit cards.
According to the banking industry, 20 credit cards issued by Citibank
of Korea have been illegally settled from Feb. 1 to 6, worth 50 million won.
Citibank Korea has requested an investigation from the National
Policy Agency's Cyber Terror Center after finding the company's
e-payment system was hacked to garner dates on the customers' credit
card information and passwords in order to make charges.
Hackers targeted under-300,000 won financial transactions of
companies with weak e-payment security.
That method was used, as below-300,000 won financial transactions can
be made by inserting basic personal information, such as credit card
numbers and passwords without official certificates.
"Unlike other banks, Citibank has omitted the process of inserting
the Card Validation Code (CVC) when executing e-payments, allowing
the culprits to take illegal actions," said an official from the
Financial Supervisory Service (FSS).
[...]
--
Main site: http://www.pogowasright.org
Main RSS feed: http://www.pogowasright.org/backend/pogowasright.rss
Breaches RSS feed: http://www.pogowasright.org/backend/breaches.rss
More information about the Dataloss
mailing list