Card Reissuance Recommended When Possible
Beware of Voice Phishing Exploiting This Incident
[Asia Economy Reporter Ki Ha-young] It has been confirmed that about 900,000 domestic credit card information records were leaked on the dark web, prompting card companies to notify affected members of the theft and begin reissuing cards. The card companies will fully compensate for any amounts used with the illegally distributed card information.
According to the financial industry on the 13th, card companies have started notifying customers of the information leak and reissuance through emails and text messages. Previously, the Financial Security Institute confirmed from a foreign private security firm that about 900,000 domestic card information records from January 2015 to last month were being illegally traded on the dark web. The dark web is an internet black market that can avoid IP tracking.
Excluding cases where the expiration date has passed or the card was reissued before, making it unusable, approximately 410,000 cards are currently valid among the 900,000 leaked records. The leaked information includes card numbers and expiration dates, but password information was not leaked.
This information leak is presumed to have occurred through POS terminals infected with malware before the introduction of IC terminals. The Credit Finance Association explained that since IC terminals with enhanced security certification are now mandatory, there are no additional information leak issues. Furthermore, they emphasized that they have already confirmed the card information theft, reflected it in the Fraud Detection System (FDS), and are blocking approval of fraudulent use. The card companies plan to fully compensate for fraudulent use incidents to prevent direct damage to card members.
However, the association recommends reissuing cards if card information has been stolen. Reissuance applications can be made through each card company’s website, branches, or by contacting the customer center and requesting reissuance after connecting with a representative.
Additionally, caution is advised against voice phishing and other scams. The Credit Finance Association warned that financial fraud groups may exploit this incident to send electronic financial fraud and loan scam messages, so vigilance is necessary. Since messages from card companies do not include URLs, customers should not click on any links and should contact the card company directly.
To prevent fraudulent card use, it is necessary to request IC chip priority transactions at merchants and regularly change online card payment passwords. With overseas travel difficult for the time being due to COVID-19, applying for overseas card usage suspension services from domestic card companies is also an option. Moreover, if cardholders consent to the use of entry and exit information, card companies can receive this information and block transactions if fraudulent use occurs overseas.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
