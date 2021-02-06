Experts named the ways of fraudsters to find out the balance of bank cards of Russians. Attackers can exploit not only the trust of citizens, but also vulnerabilities in applications. RIA News.

Yaroslav Babin, head of the web applications security analysis department at Positive Technologies, said that application errors, due to which fraudsters can take possession of confidential user data, occur regularly. According to him, every third banking application (31%) encounters problems associated with insufficient authorization (a year ago this figure was 63%). Such vulnerabilities allow cybercriminals to find out the amount of other customers’ accounts, view statements, find out transaction patterns or previous transfers.

At the same time, the problem may be not only in online banking, but also in any other application developed by the bank. Babin cited as an example a case when in the card2card service it was possible to enter the card number and amount and get an answer whether the amount on the account was sufficient for the transfer. So, fraudsters could find out not only the numbers of all bank cards, but also their balance.

The expert stressed that in such cases the client cannot do anything, since everything depends on the bank, which must deal with information security.

Attackers can also find out the balance of cards by simply getting into the trust of a person. According to Dmitry Ferapontov, senior lecturer at the Department of Banking at Synergy University, information that allows fraudsters to reach bank clients falls into their hands due to personal data leakage. In particular, such cases are possible when people use various services. In addition, there are unscrupulous bank employees who enter into a criminal conspiracy with malefactors. At the same time, the most commonplace way to find out the balance of the card is “peeping from behind”, when a person displays information on the ATM screen or uses a banking application in crowded places, said Ferapontov.