Vulnerability in banking pin-codes system

Teacher

The account, which the cybercriminals allegedly used, helped to identify a vulnerability in the banking security system. The existing loophole allows an unscrupulous bank employee to guess the secret PIN code of a plastic card in an average of 15 attempts. Now computer security experts are insisting that banks audit their procedures for handling customer claims about money disappearing from accounts.

In February 2000, just two days after the South African businessman Anil Singh, the owner of a Diners Club plastic card, received a new secret code, someone in London managed to withdraw cash from his account 190 times. As a result, the businessman is missing almost 80 thousand dollars. Singh himself swears that he had nothing to do with these operations, since he was 6,000 kilometers away, in Durban, South Africa. Naturally, he refuses to pay, and Citibank, which issued the plastic card, is now suing him. In such situations, customers are most often the culprit, because banks are confident that their systems are reliably protected from intruders, says security expert Ross Anderson of the University of Cambridge.

became possible due to the imperfection of the computer system that is used to authorize users. Indeed, anyone who tries to guess the code by brute force at an ATM will be blocked by the system after three incorrect attempts. However, it turns out that bank employees can keep trying codes endlessly until they guess the right one. Guessing which of the 10,000 possible permutations is the four-digit code takes 5000 attempts on average. However, Anderson and Bond have shown that, with the system used by most UK banks, the right option can be found in just 15 tries.

Sandra Quinn of the Association for Payment Clearing Services says it is one thing to do an experiment in a laboratory setting and quite another to do it in a working bank. "Nobody claims that it is impossible. However, it is unlikely that the British banking system would have been so easy to break through," she said.

Others object. "This is really a weak point," says Adam Hawley of Caplin Systems, which developed security software. "But you must have a very high level of authority to take advantage of the existing loophole."
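One way to audit for the gap described above, where the three-attempt limit applies at the ATM but not to internal verification requests. This is an added example, not part of the original post; the log line format, channel names, operator IDs and account labels are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

ATM_LIMIT = 3  # per the post: an ATM blocks after three incorrect attempts

# Hypothetical audit-log line format, assumed for this example only.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) channel=(?P<channel>atm|internal) operator=(?P<operator>\S+) "
    r"account=(?P<account>\S+) result=(?P<result>ok|fail)$"
)


def build_sample_log():
    """Constructed sample data, not real bank logs."""
    lines = [
        "2024-01-01T09:00:01 channel=atm operator=- account=ACCT-A result=fail",
        "2024-01-01T09:05:00 channel=internal operator=op22 account=ACCT-C result=fail",
        "2024-01-01T09:05:09 channel=internal operator=op22 account=ACCT-C result=ok",
        "this line is malformed and must be ignored",
    ]
    # One operator needs 15 tries on one account: 14 failures, then a match.
    for i in range(15):
        result = "ok" if i == 14 else "fail"
        lines.append(
            f"2024-01-01T10:00:{i:02d} channel=internal operator=op17 "
            f"account=ACCT-B result={result}"
        )
    return "\n".join(lines)


def find_unthrottled_guessing(log_text, limit=ATM_LIMIT):
    """Map (operator, account) to the longest run of consecutive failed
    internal verifications, for runs longer than the ATM would allow."""
    streak = defaultdict(int)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["channel"] != "internal":
            continue  # malformed line, or ATM traffic that is already throttled
        key = (m["operator"], m["account"])
        if m["result"] == "ok":
            streak[key] = 0  # a correct PIN resets the counter, as at an ATM
            continue
        streak[key] += 1
        if streak[key] > limit:
            flagged[key] = max(flagged.get(key, 0), streak[key])
    return flagged


if __name__ == "__main__":
    for (operator, account), fails in find_unthrottled_guessing(build_sample_log()).items():
        print(f"{operator} failed {fails} consecutive PIN checks on {account}")
```

A run of only 15 tries is far below any volume-based alarm tuned for the 5000-attempt average, which is why the threshold here is tied to the ATM's own limit.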