A cyber-attack on the computer systems of the bank HSBC in Turkey has compromised customers' card details. Still, officials appear reassuring, saying attackers can't use the data for illegal transactions. The incident was discovered last week through internal audit mechanisms. The cyber attack led to the disclosure of card data consisting of the number, expiry date and name of the owner. Account numbers linked to the cards have also been compromised.
Attackers have unnecessary financial information
Η τράπεζα, παρά το γεγονός ότι ο επιτιθέμενοι κατάφεραν να έχουν πρόσβαση σε αυτές τις πληροφορίες, αναφέρει ότι δεν υπάρχει κίνδυνος scamς με τις κάρτες, ούτε μέσω δημιουργίας αντιγράφων ούτε μέσω online transactions. It is not possible to print counterfeit cards and withdraw money from ATMs or use them in retail outlets simply because there is not enough information (the information magnetic tape and the PIN code are not available) to implement this type of fraud. In the case of online purchases, which require less information from customers, the bank does not clearly state why fraudulent transactions can not be carried out, but one of the reasons is the absence of code card security (CVV) from the list of stolen data. CVV (Card Verification Value), or CVC (Card Verification Code) is Verification Code usually consisting of the last three digits of the code on the back of the card. Some banks issue a four-digit CVV located on the front of the card. These control codes are required in every online market to prove that the buyer really has the card with it and the data is not stolen from a database.
Micro-markets can be made
On the other hand, some retailers they do not ask for the security code during a purchase. This is the case with micropayments, which are limited to a certain amount. Merchants support these transactions in an effort to make the entire purchase process easy for their customers. In addition, it has been proven that this way customers are more willing to make small purchases. Through this process, the information cybercriminals have in their hands is sufficient to carry out a transaction. However, in the event that a malicious transaction takes place, the cardholders are entitled compensation.
Although the risk of fraud is non-existent in theory, HSBC officials said the bank's customers should not associate any illegal payment as a result of the attack on their systems. At the moment, the bank has no evidence of suspicious activity on the affected accounts, but assured that the attack has no financial risk. To prevent such an incident, the bank has already upgraded security measures. At the same time, an investigation was launched to reveal the identity of the intruders.