A cyber-attack on the computer systems of the bank HSBC in Turkey has compromised customers' card details. Still, officials are reassuring, saying attackers can't use the data for illegal transactions. The incident was discovered last week through internal audit mechanisms. The cyber attack led to the disclosure of card data consisting of the number, expiry date and name of the owner. Account numbers linked to the cards have also been compromised.
Attackers have unnecessary financial information
The bank, despite the fact that the attackers managed to access this information, states that there is no risk of fraud with the cards, either by making copies or by online transactions. Printing fake cards and withdrawing money from ATMs or using them in retail stores is not possible simply because there is insufficient evidence (the magnetic strip informations and PIN are not available) to carry out this type of fraud. In the case of online purchases, which require less information from customers, the bank does not clearly state why fraudulent transactions cannot take place, but one of the reasons is the absence of code security of cardς (CVV) από τη λίστα δεδομένων που εκλάπησαν. Το CVV (Card Verification Value), ή CVC (Card Verification Code) είναι ο Verification Code usually consisting of the last three digits of the code on the back of the card. Some banks issue a four-digit CVV located on the front of the card. These control codes are required in every online market to prove that the buyer really has the card with it and the data is not stolen from a database.
Micro-markets can be made
On the other hand, some retailers they do not ask for the security code during a purchase. This is the case with micropayments, which are limited to a certain amount. Traders support these transactions in an effort to make the whole buying process easy for their customers. In addition, it has been shown that this way customers are more willing to make small purchases. Through this process, the information that cybercriminals have in their hands is sufficient to carry out a transaction. However, in the event of a malicious transaction, the cardholders are entitled to compensation.
Although the risk of fraud is non-existent in theory, HSBC officials said the bank's customers should not associate any illegal payment as a result of the attack on their systems. At the moment, the bank has no evidence of suspicious activity on the affected accounts, but assured that the attack has no financial risk. To prevent such an incident, the bank has already upgraded security measures. At the same time, an investigation was launched to reveal the identity of the intruders.