←back to thread

1121 points alokedesai | 8 comments | | HN request time: 0.894s | source | bottom
Show context
rathboma ◴[] No.10466991[source]
You might want to obfuscate the last 4 digits of your credit card in that screenshot given how useful it is for hacking other systems.
replies(2): >>10467003 #>>10467108 #
1. johnsalzarulo ◴[] No.10467108[source]
Card's already canceled. Thanks though.
replies(4): >>10467173 #>>10467182 #>>10467184 #>>10467404 #
2. Blaaguuu ◴[] No.10467173[source]
I don't think that rathboma was suggesting that you might get fraudulent changes on the card - but any other service that you use which currently has that card on record could now potentially be compromised by anyone who knows your name and has those 4 digits - many customer support systems only need that much to verify your identity and make changes to your account.
3. thaumaturgy ◴[] No.10467182[source]
Do all of the online services you use also no longer use the last four of that card for authentication purposes over the phone? For instance, you can sometimes use the last four of the card on a GoDaddy account to get a password reset over the phone.
4. lemevi ◴[] No.10467184[source]
Doesn't matter, it's still confidential information that can be used to verify you or used to social engineer more information about you. "Hi sir, I'm calling in because I lost access to my account, I don't have my current card, but I do have the last 4 of my previous that I used on this service, will that be good enough?"

Like don't reveal unnecessary information if you don't have to. It's low effort, high risk.

replies(1): >>10467542 #
5. cbhl ◴[] No.10467404[source]
Some banks allow charges through to cancelled cards -- beware!
replies(1): >>10468643 #
6. vladd ◴[] No.10467542[source]
You should read: http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

>> It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud. <<

[Apple may have changed their policy meanwhile, but likely others did not]

7. nommm-nommm ◴[] No.10468643[source]
Hrm I've never heard of this apart from automatic billing systems ability to request the new card number. Any more specific info about that? I'm interested in how this is possible.
replies(1): >>10475092 #
8. Blaaguuu ◴[] No.10475092{3}[source]
I know that when I canceled my American Express card, they said that they would keep the account open for an X amount of time (I wanna say ~1 year), and I would be responsible for any charges during that period, and billed normally. However that was a case of canceling because I was just closing the account - not because of fraud... I assume they have different processes.