11 March 2006 - Original Post


PIN Scandal "Worst Hack Ever;" Citibank Only The Start

The unfolding debit card scam that rocked Citibank this week is far from over, an analyst said Thursday as she called this first-time-ever mass theft of PINs "the worst consumer scam to date."

Since Citibank will have to pay back the consumers affected by the breach, I think it's fair to say :D What a bunch of idiots.

I'm certain I'm making conclusions on wafer-thin information, but from the gist of this:

--- Quote ---
Litan's sources in the financial industry have told her that thieves hacked into an as-yet-unknown system, and made off with data stored on debit cards' magnetic stripes, the associated "PIN blocks," or encrypted PIN data, and the key for that encrypted data.
--- End quote ---

Sounds like they stored all the information in one place. Why is it hard to understand: if you hold everything on one system in one place for long enough, if someone cares enough, it's going to be hacked. Now if the 'as-yet-unknown system' is somehow used to verify debit card orders as they come in, it's somewhat understandable - but I somehow doubt it was. But if it's a storage backup, an official account or list, or even a partial list, then Citibank is not the sharpest tool in the shed. If you store the magnetic stripe data in one place, a PIN block in another place, and a PIN list in yet another, it makes hacking into one system only a slight discomfort.

I get a kick out of this quote

--- Quote ---
"Up until this breach, everyone thought ATMs and PINs could never be compromised."
--- End quote ---

I hope by everyone he means every one of the idiots working for Citibank. It's not rocket science to understand a 4-digit PIN number is not an impenetrable defense system - Blasphemy!




