Banks told of security flaw with use of caller ID By Hiawatha Bray Globe Staff / August 20, 2011
A Boston consumer advocate warned yesterday that JPMorgan Chase & Co. and Bank of America Corp. make it too easy for data thieves to steal personal information from their credit card customers.
Former Massachusetts assistant attorney general Edgar Dworsky, who now runs the consumer education website Consumerworld.org, discovered the flaw after reading a Globe story about "caller ID spoofing'' services - Internet sites used to trick caller ID systems into believing a call comes from a different phone number.
Identity thieves who know a customer's ZIP code and the last four digits of his credit card number can use such services to pose as a customer when calling an automated bank customer service line, Dworsky said. Retail stores often print the last four numbers of a credit card account on sales receipts, which a thief could recover from the trash if discarded by the customer.
...