Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Hypothetical weakness in ICICI Credit Card, India
2 points by partoflife on Dec 24, 2011 | hide | past | favorite | 2 comments
tl;dr -> When a card is blocked and new card is reissued my ICICI Bank Credit card., the first 14 digits of the new card is the same as the old card. the 2 changing digits were also in a series.

I did it twice on the same card. i.e block a card and request for a reissue. so the three card numbers were having same first 14 digits and the following last two digits.

xxxx xxxx xxxx xx08

xxxx xxxx xxxx xx16

xxxx xxxx xxxx xx24

So say if your card details was leaked online and you request ICICI to block the old card and get a new one, then all the attacker has to do is wait for a month for a hypothetical new card to reach and then use all other details(except for the CVV ofcourse, but cvv is just a 3 digit attack vector). and guess the last two digits. the last two digits also following a series.

According to my totally unlearned eyes. this is a weakness. What say you?



What about the Expiry Date & the CVV?


Once you have a card number + personal details from previous attack. Expiry date is the lamest to crack. cards are issued for years and not months, so it will mostly be the same month as when the card was issued, i.e the same month as the card was blocked. year part will be a company policy right? i.e from the year of issue + x years types.

CVV is just a 3 digit numerical hack. if you have all other info, cracking CVV should not be a challenge.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: