How to find out the balance of someone else's bank card, knowing its number?
When fraudsters call credulous cardholders and appear to be a bank security service, an interested buyer, an employee of government agencies, or someone else important, fraudsters probably choose victims for themselves, without spending time on those customers who have little money in their accounts.
It turns out that finding out someone else’s card balance is very simple.
All information is provided for informational purposes only. I am not responsible for any possible harm caused by the materials of this article.
')
How to find someone else's balance? To do this, you only need to know the card number - 16 digits (sometimes less) - and the date of birth.
Knowing the card number (or part thereof, further details) and the date of birth of the owner, it is enough to call from any phone on the hot line of the bank and in the IVR menu select the item “check card balance in automatic mode”.
It's one thing when the balance is voiced by the cardholder calling to the bank from his phone.
But the problem I want to convey is that banks, for the convenience of customers, provide such an opportunity even from non-attached, non-customer-owned phones.
I analyzed the TOP-10 banks of Ukraine by the number of active plastic cards on the possibility of obtaining a card balance when calling from an unregistered (non-financial) telephone number. I am sure that the situation is similar in Russia.
Such banks as Ukrgasbank (725 thousand active cards) and Ukreximbank (401 thousand) do not provide such an opportunity in IVR.
As you can see, the most clients whose card balance is so easy to find out are from Oschadbank - 5.41 million active payment cards (until the end of March 2017. At the moment, this is not possible from an unregistered phone. The article could be published many months ago and be called “How to find out the balance of someone else’s Oschadbank card” - I waited for the bank to correct the situation) .
And the clients of this particular bank suffer (suffer) from insufficient financial literacy, coupled with social engineering - after all, it is in Oschadbank among the cardholders that retirees, migrants, as well as those who receive social benefits ...
I will cite comments from Habrahabr users from other posts, to which a situation may arise when your balance is known to a third party.
For example, from the article " Tinkoff compromised data on the balance of cards of its clients ":
Or subordinates can find out the salary of their boss by checking the balance of his card on the day of receipt of funds.
There are a lot of examples who might need to know the amount of funds on someone else’s card.
In any case, this is confidential information, and it cannot be so easily disclosed.
In the IVR menu of many banks, other operations are available that can be performed automatically. In the framework of this material they are not counted. Also, I did not consider the possibility of checking the balance and performing other actions when calling from a customer-owned phone number — if there is someone else’s phone, it is possible to take actions even more terrible. Take care of your phone.
PS: Request to banks - make balance checks and other actions in the IVR from the phone number that does not belong to the customer impossible.
The largest PrivatBank / A-Bank does this and Oschadbank made many months after my appeal.
Or make it even more difficult - instead of the date of birth, you had to specify the passport number (I liked this approach in Alfa-Bank) or the identification card number (as in Raiffeisen Bank Aval).
Thank.
It turns out that finding out someone else’s card balance is very simple.
All information is provided for informational purposes only. I am not responsible for any possible harm caused by the materials of this article.
')
How to find someone else's balance? To do this, you only need to know the card number - 16 digits (sometimes less) - and the date of birth.
Knowing the card number (or part thereof, further details) and the date of birth of the owner, it is enough to call from any phone on the hot line of the bank and in the IVR menu select the item “check card balance in automatic mode”.
It's one thing when the balance is voiced by the cardholder calling to the bank from his phone.
But the problem I want to convey is that banks, for the convenience of customers, provide such an opportunity even from non-attached, non-customer-owned phones.
I analyzed the TOP-10 banks of Ukraine by the number of active plastic cards on the possibility of obtaining a card balance when calling from an unregistered (non-financial) telephone number. I am sure that the situation is similar in Russia.
| Bank | Number of active cards | The ability to check with an unregistered phone number |
|---|---|---|
| Oschadbank | 5.41 million | Until the end of March 2017 - yes: card number + date of birth. Now it is not possible from an unregistered phone. |
| FUIB | 667 thousand | Yes: 6 first digits + 4 last + date of birth. In response, we get the balance and the last card transaction, including the date of its execution |
| Ukrsotsbank (UniCreditBank) | 595 thousand | Yes: Card number + date of birth |
| Ukrsibbank | 1.04 million | Yes: Card number + expiration date + date of birth |
| Alfa Bank | 1.14 million | Yes: Last 4 digits of card + passport number |
| Raiffeisen Bank Aval | 2.11 million | Yes: last 8 digits of the card + identification number or Identification number, secret code and last 4 digits |
| PrivatBank | 17.08 million | No, this is not possible from an unregistered phone. |
| A-Bank | 461 thousand | No, this is not possible from an unregistered phone. |
As you can see, the most clients whose card balance is so easy to find out are from Oschadbank - 5.41 million active payment cards (until the end of March 2017. At the moment, this is not possible from an unregistered phone. The article could be published many months ago and be called “How to find out the balance of someone else’s Oschadbank card” - I waited for the bank to correct the situation) .
And the clients of this particular bank suffer (suffer) from insufficient financial literacy, coupled with social engineering - after all, it is in Oschadbank among the cardholders that retirees, migrants, as well as those who receive social benefits ...
I will cite comments from Habrahabr users from other posts, to which a situation may arise when your balance is known to a third party.
For example, from the article " Tinkoff compromised data on the balance of cards of its clients ":
Actually it is for rascals expanse. “We are calling you from the technical support of the bank, on your account now N rub. But for * to come up with actions * we still need the date of the card’s action and the code on the reverse side. ”Comment to my previous article " Vulnerability in Alfa-Bank Ukraine: getting the full name of the client by phone number ":
You can call this subscriber, call him by name and patronymic, introduce yourself as an employee of the bank and convince to perform any actions with the card or account. Social engineering, google: // Kevin_MitnikIn addition to fraudsters, curious colleagues can learn your balance.
Or subordinates can find out the salary of their boss by checking the balance of his card on the day of receipt of funds.
There are a lot of examples who might need to know the amount of funds on someone else’s card.
In any case, this is confidential information, and it cannot be so easily disclosed.
In the IVR menu of many banks, other operations are available that can be performed automatically. In the framework of this material they are not counted. Also, I did not consider the possibility of checking the balance and performing other actions when calling from a customer-owned phone number — if there is someone else’s phone, it is possible to take actions even more terrible. Take care of your phone.
PS: Request to banks - make balance checks and other actions in the IVR from the phone number that does not belong to the customer impossible.
The largest PrivatBank / A-Bank does this and Oschadbank made many months after my appeal.
Or make it even more difficult - instead of the date of birth, you had to specify the passport number (I liked this approach in Alfa-Bank) or the identification card number (as in Raiffeisen Bank Aval).
Thank.
Source: https://habr.com/ru/post/335634/
All Articles