Standard Chartered Cathay Pacific MasterCard (formerly Standard Chartered Asia Miles MasterCard) has experienced a large-scale misappropriation of bills. Standard Chartered notified customers tonight (7th) that they are guaranteed credit card refunds. After verification of unauthorized credit card transactions, the bank will take the initiative to refund.
Chen Zhongxiang, a former deputy financial affairs spokesman of the DAB who is familiar with bank operations, analyzed that the incident may be related to "stylized bank identification number attacks (BIN Attacks), that is, hackers use programs to continuously try to analyze credit card numbers, expiration dates and security codes. And confirm whether the set of information is correct through small transactions.
He said that under normal circumstances, cardholders can apply for refund protection, and neither the cardholder nor the bank will suffer losses. However, he still recommends that the public can reduce the credit card limit, and major banks should also take this opportunity to review the mechanism to prevent BIN Attacks.
The stolen amount is low and the frequency is BIN Attacks
Chen Zhongxiang said that he noticed that many cardholders were stolen with relatively low amounts and more frequently, and believed that the greater chance was related to BIN Attacks.
He explained that the first 6 digits of credit cards of general card issuers are the same, which are used to distinguish card issuing banks. Most of them are stolen for two reasons. Hackers use programs to try to parse credit card information.
Use the program to continuously try and match data to verify through small transactions
He pointed out that credit card transactions involve three sets of credit card information, including the 16-digit number, the expiration date, and the three-digit security code on the back. Hackers use programs to continuously try and match the three sets of information. Get it” and confirm whether the attempt was successful through some online small transactions that do not require credit cards, signatures, and appearances.
After the hacker confirms that the information is accurate, the next step may be to use the information to conduct large-scale transactions, the most common is to buy bitcoins, "maybe sell the information, or use it for yourself."
It is recommended to reduce the credit card limit to ensure that the mobile phone number can receive bank information
As for how to protect personal data, Chen Zhongxiang said frankly that BIN Attacks are impossible to prevent, "it is inevitable, because the system cannot intercept the external use of the card", but it is recommended to reduce the credit card limit to minimize the maximum loss in the event of an accident "Even if you usually spend two to three thousand mosquitoes, it's not a big deal." And you must ensure that your mobile phone number can receive bank information, and you can know it immediately when it is stolen.
In the first nine months of this year, the Police Force has received 339 cases of online credit card fraud.
(profile picture)
Major banks should review the current mechanism
Chen Zhongxiang also said that he believes that this incident is not a security breach of Standard Chartered, and the Hong Kong Monetary Authority has a set of guidelines to ensure that the security factor of banks in Hong Kong reaches a certain level, and banks generally have mechanisms to deal with BIN Attacks. "When you see continuous error transactions, you can understand the system I won the BIN Attack", but emphasized that this is a good opportunity for major banks to review whether the current mechanism is safe enough.
The material card owner can apply for a refund guarantee without loss
If the citizens are unfortunately stolen in this incident, Chen said that they need to stop using it immediately, but it is expected that the card owner can apply for a refund guarantee and declare to the bank that there is no such transaction. Under the refund mechanism, it is expected that regardless of the card owner Neither the bank nor the bank will suffer as a result.
He added that since large-amount transactions generally require real-time passwords, it is unlikely that large losses will occur.
During the epidemic period, I received app notifications to charge hundreds of dollars. Standard Chartered’s bitter master was stolen by Luka 9 times to buy iTunes credit cards. In the first nine months of this year, a total of 5 million cases were lost. Using SC Mobile to instantly lock the card Asia Miles Standard Chartered card customer suspected of being stolen