A cyber-attack on systems information technologyof the bank HSBC in Turkey has jeopardized customer card details. However, officials appear reassuring, saying that intruders could not use the data for illegal transactions. The incident was detected last week through internal control mechanisms. The cyber attack led to the disclosure of card data consisting of the number, expiration date and name of the owner. The card numbers associated with the cards have also been compromised.
Attackers have unnecessary financial information
The bank, despite the fact that the attackers managed to access this information, states that there is no risk of fraud with the cards, either by making copies or by online transactions. Printing fake cards and withdrawing money from ATMs or using them in retail stores is not possible simply because there is insufficient evidence (the magnetic strip informations and PIN are not available) to carry out this type of fraud. In the case of online purchases, which require less information from customers, the bank does not clearly state why fraudulent transactions cannot take place, but one of the reasons is the absence of code security of the card (CVV) from the list of stolen data. CVV (Card Verification Value), or CVC (Card Verification Code) is the Verification Code usually consisting of the last three digits of the code on the back of the card. Some banks issue a four-digit CVV located on the front of the card. These control codes are required in every online market to prove that the buyer really has the card with it and the data is not stolen from a database.
Micro-markets can be made
On the other hand, some retailers they do not ask for the security code during a purchase. This is the case with micropayments, which are limited to a certain amount. Merchants support these transactions in an effort to make the entire purchase process easy for their customers. In addition, it has been proven that this way customers are more willing to make small purchases. Through this process, the information cybercriminals have in their hands is sufficient to carry out a transaction. However, in the event that a malicious transaction takes place, the cardholders are entitled compensation.
Although the risk of fraud is non-existent in theory, HSBC officials said that the bank's customers should not associate any illegal payment as a result of the attack on their systems. At the moment, the bank has no indications of suspicious activity regarding the affected accounts, but assured that the attack does not pose any financial risk. To prevent a similar incident, the bank has already proceeded to upgrade of security measures. At the same time, an investigation was launched to reveal the identity of the attackers.