

Hypothetical weakness in ICICI Credit Card, India - partoflife

tl;dr -&#62; When a card is blocked and new card is reissued my ICICI Bank Credit card., the first 14 digits of the new card is the same as the old card. the 2 changing digits were also in a series.<p>I did it twice on the same card. i.e block a card and request for a reissue. so the three card numbers were having same first 14 digits and the following last two digits.<p>xxxx xxxx xxxx xx08<p>xxxx xxxx xxxx xx16<p>xxxx xxxx xxxx xx24<p>So say if your card details was leaked online and you request ICICI to block the old card and get a new one, then all the attacker has to do is wait for a month for a hypothetical new card to reach and then use all other details(except for the CVV ofcourse, but cvv is just a 3 digit attack vector). and guess the last two digits. the last two digits also following a series.<p>According to my totally unlearned eyes. this is a weakness. What say you?
======
zaph0d
What about the Expiry Date & the CVV?

~~~
partoflife
Once you have a card number + personal details from previous attack. Expiry
date is the lamest to crack. cards are issued for years and not months, so it
will mostly be the same month as when the card was issued, i.e the same month
as the card was blocked. year part will be a company policy right? i.e from
the year of issue + x years types.

CVV is just a 3 digit numerical hack. if you have all other info, cracking CVV
should not be a challenge.

