BAKU, Azerbaijan, Feb.8
Trend:
Fraudsters can find out data on the balance of a bank card not only by social engineering, having squeezed out the data from the owners, but also through the vulnerabilities of mobile (banking) applications, said Russian experts, Trend reports referring to the Russian media.
According to Yaroslav Babin, Head of Web Applications Security Analysis Department at Positive Technologies, application errors are a common thing.
“These include the problem of insufficient authorization in online banking. This can be found quite often in the mobile applications of banks,” Babin noted.
“These vulnerabilities often lead to the fact that an attacker can find out the amount of other customers' accounts, view statements, find out transaction patterns or previous transfers,” he said.
Babin noted a case when in the card2card service (transfers from one card to another) it was possible to enter the card number and the amount, and in response the service could indicate that the amount entered for the transfer is insufficient or conditionally ‘everything is ok, there is such money here, can be translated’.
The expert added this is enough to roughly determine the balance of funds on the card.
According to Dmitry Ferapontov, a lecturer at the Department of Banking at Synergy University, the easiest way is to trust a person and obtain information by manipulating him.
At the same time, information gets into the hands of fraudsters through data leakage, Ferapontov added.
Such incidents are possible when citizens use various services: delivery of goods and services, ordering a taxi or a marketplace, the experts said.