중앙데일리

Info from over 560,000 credit cards leaked

Damages unlikely as no PIN numbers or CVVs stolen: FSS

July 27,2019
Damages are unlikely following the leak of information on 568,000 credit cards from 15 financial companies, according to Korea’s financial authority.

The Financial Supervisory Service (FSS) said the likelihood of duplicating or purchasing goods in Korea or overseas is low as the only information stolen was the credit card numbers and their validation dates.

No PIN numbers or CVVs (card verification value) - also referred to in Korea as CVCs (card verification code) - which are crucial security codes, were stolen.

But the FSS warned consumers against possible fraudulent schemes that demand they access a certain website that requires PIN numbers or installing apps.

According to the FSS, the police requested its cooperation earlier this month in a financial fraud investigation after police found a large amount of credit card information on a USB flash drive.

When the FSS excluded overlapping information or credit cards that were expired, 568,000 credit card numbers and their expiration dates were included.

However, no sensitive information was found on the flash drive, such as PIN or CVV numbers, or any resident registration numbers belonging to the credit card holders.

“You can’t duplicate a credit card only with the credit card number and the expiration date,” said Kwon Min-soo, head of the FSS’s credit information evaluation department. “And when purchasing goods online, you need to have the CVC, PIN number and also the date of birth.”

Kwon added that while some overseas online malls don’t require the CVC, when there’s an anomaly, financial companies’ fraud detection systems confirm the purchases before approving them.

The owner of the USB flash drive is believed to have collected the credit card information from a credit card payment terminal.

The credit cards were issued from 15 financial companies including banks such as Kookmin, Shinhan, Woori and KEB Hana but also from credit card companies such as BC Card, Samsung Card, Hyundai Card, Lotte Card and foreign banks such as Citibank.

The FSS said in the last three months, the financial companies through their fraud detection systems found 64 fraudulent cases that attempted to make 24.8 million won in purchases involving credit cards whose information was on the USB flash drive.

However, none of the purchases related to the 64 cases went through and they were not related to the case involving the flash drive.

But the FSS is urging for caution and advising those whose credit card numbers were leaked to get a new card with a different number and suspend their overseas purchase services as they could be used in schemes where the con artists disguise themselves as authorities like the prosecutors’ office, police, the FSS and even as credit card companies looking for sensitive information.

The Korean financial authority has been strengthening security systems involving leaked credit card information.

“Since July last year all POS [point of sale] terminals have changed from magnetic reading, which were vulnerable to information leaks, to IC chips,” the FSS official Kwon said. “Unlike in the past, because the new IC chip transfer information is encrypted in the POS terminals, even if someone has stolen information, it will be difficult to decipher.”

One of the biggest credit card information leaks in the country was in 2014 when roughly 100 million credit cards were affected. The information that was leaked not only included the credit card numbers and their validation dates but also bank account numbers, spending history and annual income of the credit card holders, as well as private information, such as resident registration numbers, passport numbers, emails, home addresses and even job information.

BY JEONG YONG-HWAN [lee.hojeong@joongang.co.kr]


dictionary dictionary | 프린트 메일로보내기 내블로그에 저장