Sophos Cloud Optix
Identity thieves of the world unite… a Twitter account has just made things a whole lot easier for you.
The account, @NeedADebitCard, names, retweets and shames those Twits who post pictures of their credit or debit cards on the social networking site.
With its bio listed as “Please quit posting pictures of your debit cards, people”, the account has gained over 5000 followers in a little over a month.
Some people have at least attempted to obscure some of the information, by using a strategically placed thumb or, in one case, black marker pen. But others haven’t even done that.
Take Jamie B, for example. He’s just cut up his debit card to stop him spending any money.
And it’s important that the whole world knows, right?
Just cut my debit card in half because I have decided that money will not rule my life...
Then there’s Dana K who, after cutting his debit card into 24 pieces, has now stuck it back together and posted the picture for all to see.
Cut my debit card up and then put it back together, took a good 10 minutes
What is going on here? Is it really that important for you to post that picture that you’d risk identity theft? How interested are your genuine online friends in a picture of your bank card anyway?
Putting up a picture which features all your bank card information is like giving thieves a good chunk of your identity jigsaw puzzle.
If someone who had seen your photo then decided to follow you – and look you up on other social networking sites – they could start to build up more details about you and add missing pieces to the puzzle.
And while most online services require the three-digit security code on the back of the card, not everyone asks for it.
Some of the pictures have now, wisely, been deleted, but that doesn’t stop new ones being posted today, or tomorrow.
If it’s not obvious enough already, it really isn’t a good idea to post any of your personal information online. And that includes photos. Especially ones that help the bad guys steal money from you.
Credit card image, courtesy of Shutterstock
People are just precious right?
What's the problem? All those cards I found there have their CVC on the back which is not shown. If someone purchases something without it you can easily do a chargeback.
Not that easy… some countries have rules that you have to take care of you card, otherwise you won't get total refund. E.g. if you forget your card in a public place and someone else uses it, you're to blame for it and won't get all your money back.
This with the pictures in twitter, if the bank hears about it, they'll blame you for your lack of care and you won't get the refund. (Actually, I don't remember if you don't get any refund, or only part of it, I just remember to have read the 'new' rules some years ago)
the cvc is only max 1000 brute force tries away . . .
In some EU countries and in the USA. CVC digits do not exist along with other payment card third form factor authentication such as chip & pin. Most USA credit cards (take american express for example) allows for customer not present transactions just by using the information on the front of the card. Also, you can easily fraudulently use a “captured” card even with out CVC digits in some payment services in say Russia for example, or even sell the information on which may start social fingerprinting against the card holder.
No matter how hard security folks work to protect payment transactions, basic common sense must be applied by the card holder. Technically in most T&C’s, the card issuer is under no obligation to charge-back if you have publicly displayed your card details in an unsafe unacceptable manner or not performed steps to safe guard it.
Mind you, the bot account only puts the finger into the festering sore… if you go to the Twitter webpage and just enter "my credit card" and then select "Top images" you'll immediately get 2 complete cards and one with one missing digit: https://twitter.com/#!/search/my%20credit%20card/…
People have NO brains.
I do all that I can to keep my bank details private. I even shred my bank statements & ATM slips.
I distrust the Internet so much I refuse to do anything online that involves money in any way shape or form. NOT owning a credit card makes it much easier too.
Sophos is an unparalleled offering, offering consistent, real time IT information.
Keep up the good work!
This is heights of dumbness!!!
Duh! Can someone show me the stupid app on my iPhone?
Some people just don't deserve to be given a credit card. Slap…!
It'd be interesting to check and see whether the morons who post photos of their debit cards are actually still alive a few years down the road. If they survive their own stupidity, it'd make a strong case for the existence of miracles.
It's amazing how carelessly people will tell the Internet everything about themselves.
I wonder if this Twitter bot will get the same sort of negative reactions @StealthMountain does. (Stealth Mountain automatically sends corrective replies to people who say "sneak peak" instead of "sneak peek".) Most of the replies it receives in return are profane threats of violence from people who take it as a personal insult, and the rest are confused as to how this random account found them so quickly. People seem to forget that pretty much everything on the public Internet is open for the world to see.