BreachExchange mailing list archives
Citibank Korea e-payment hack
From: Dissent <Dissent () pogowasright org>
Date: Thu, 15 Feb 2007 12:20:51 -0500
http://news.mk.co.kr/newsReadEnglish.php?sc=30800005&cm=General&year=2007&no=83542&selFlag=sc&relatedcode=&wonNo=&sID=308 Personal data on the Citibank e-payment system, used for e-commerce, has been hacked, allowing illegal transactions on bank users' credit cards. According to the banking industry, 20 credit cards issued by Citibank of Korea have been illegally settled from Feb. 1 to 6, worth 50 million won. Citibank Korea has requested an investigation from the National Policy Agency's Cyber Terror Center after finding the company's e-payment system was hacked to garner dates on the customers' credit card information and passwords in order to make charges. Hackers targeted under-300,000 won financial transactions of companies with weak e-payment security. That method was used, as below-300,000 won financial transactions can be made by inserting basic personal information, such as credit card numbers and passwords without official certificates. "Unlike other banks, Citibank has omitted the process of inserting the Card Validation Code (CVC) when executing e-payments, allowing the culprits to take illegal actions," said an official from the Financial Supervisory Service (FSS). [...] -- Main site: http://www.pogowasright.org Main RSS feed: http://www.pogowasright.org/backend/pogowasright.rss Breaches RSS feed: http://www.pogowasright.org/backend/breaches.rss _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 148 million compromised records in 573 incidents over 7 years.
Current thread:
- Citibank Korea e-payment hack Dissent (Feb 15)