On the security of Sberbank Online

In general, something happened and the correct password in Sberbank Online ceased to be perceived for me.





Without thinking twice, I called technical support, and after a short wait, my question was resolved. It was not possible to find out why the password was reset.





It turns out that to gain access to my bank, I (or anyone else) need to perform a trivial operation - change my username / password.





But the bottom line turned out to be that this requires only two things that are easy to get hold of:






  1. Bank card number (without CVC)





  2. Tied to SB Online phone, or rather, only the number of this phone





And that's it! I was not asked any secret key questions.





These attributes are obtained through a variety of data leaks, and if the leak is from a store, then the card number and phone number are likely to be together.





And banks themselves are not without sin. Fresh article on Habré.





After that, a SIM card is reissued through an unscrupulous cell phone employee.





Or an option - to lose (let to steal) the phone, preferably with an established bank client - so as not to look for a card number for a long time. Double Kill!





Further, as much and regularly as possible to deduct in the news , the lack of money on your card is not a problem for fraudsters - you can easily and quickly get a loan.





A typical example and bank reaction in all its glory.





, "".





, :





", - , - , .





, .





,





!"









P.S. [], . . - .





Upd. , : .








All Articles