Hacker News new | past | comments | ask | show | jobs | submit login

Well yeah.. but again, the number could also be in the footer of the banks website.

People usually get scammed when they have the card with them... when they lose the card, they're the one actively looking for a phone number, and not presented with one from a scammer.




- "Sir, I'm calling you because I found your card, I called your bank, and they gave me your number. They told me you should report the card as lost in case it's been used fraudulently with the phone number that is written at the back of the card"

- "Can you send me back the card?"

- "I'm in a train, I won't be able to do that for a while. You should really call"

- "But I don't have the number"

- "I can read it to you"

Pwn


Red flag number 1 - my bank wouldn't give someone random my telephone number. That would be illegal.


Good thing there are no data leaks or compromises! /s

That my bank insists on using essentially now public information now to verify (and refuses to use anything else, even after being repeatedly asked!) is also infuriating. Last 4 of SSN and DOB? Really?


Well, the point isn't that my bank wouldn't "leak" my details - I certainly don't trust them that far. So it's absolutely possible for a random person to get my phone number from the bank. But if a random person were to phone me and tell me that my bank gave them my phone number to be helpful, I'd be calling that out as a lie.


If someone spoofs the banks number on caller ID (trivial), knows all your security question answers, the bank you bank with, and your number - very few people are NOT going to fall for some kind of attack there correct?


How could they figure out the internal account number without hacking into the bank in the first place? I’m fairly certain there’s no way to derive the account number from a debit card number or any of the info you mentioned.


Via the data leak issue I mentioned? [https://www.bankinfosecurity.com/capital-one-warns-more-data...] which are becoming more and more common?


You have confirmation that internal account numbers were leaked in the capital one breach?


It says so right in the linked article.

Additionally, bank account ‘internal’ account numbers are pasted on every check that goes out and any ACH transfers also include that information, so it’s not like they are hard to cross reference with any of the other major breaches.

SSN, dob, which banks people use (and other financial institutions), which loans they have with whom, etc. also got leaked for pretty much every US adult with the equifax hack.


But for this, you must lose a card, not realize you lost it, a scammer must find your card, and he must somehow get your phone number to scam you.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: