Phone “spoof” hack could affect credit card customers


A security flaw at two of the nation’s largest credit card issuers means some of your personal info could be available to hackers over the phone.

Here’s the deal: When you call in to check your account balance at Bank of America or Chase Bank, their phone systems attempt to identify you by your phone number. Once the system thinks it has a positive ID, it will then ask you for the last four digits of your credit card number.

Therein lies the rub. Hackers can easily “spoof” your phone number when they dial into the banking system, whereby the trick the system into thinking that they are you on the other end of the line. That means all a hacker would need is the last four digits, which can easily be found on any receipt from just about any sales register when you use your card.

What info can be compromised if a crook “spoofs” your number and gets into your account? Your credit limit, outstanding balance, recent payment history and an itemized list of recent charges, according to

In investigative tests, this info was breached 100% of the time with Chase and routinely (though not quite 100% of the time) with Bank of America. Fortunately, the breach halted short of full-blown account takeover in both cases. But there’s a definity privacy issue here that has a lot of people riled up.

If you are a credit card holder at either bank, I would add that it would be to your benefit to go through your statements each and every month and make sure all charges are valid and proper. You have a 6o-day right to dispute bogus charges. After that, it’s your responsibility to pay it whether it’s a legit charge or a fake one.

  • Show Comments Hide Comments