Skip navigation

Marghil and Yuga have revealed a security risk in Xoom. All you need is someone’s email address, zip code, and bank account number.

Yuga mentioned that it is unlikely that a person publishes his or her account number online. But does your bank print the account number on bank statements? Or does it display it when you do your online banking? If you do your internet banking in an internet cafe, do you clean up your tracks?

Consider this: most hacking incidents do not really require technical skills. Common social engineering techniques include dumpster diving (i.e., going through the waste basket) or shoulder surfing. If your bank prints your account number on your statement, the hacker already has two pieces of the puzzle. All he needs is the email account—and how many of us use our names as our email address?

So does your bank mask the account number? If not, you should strongly advise your bank to do so.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: