2

I've recently been approached by a person asking me for a donation to Save The Children. while I was inclined to donate, I didn't because they were asking my full name, 16 digits of credit card and expiration date to fill a form.

They said that they can do nothing wrong with my credit card information without the security code, but I'm not that sure, since security codes are only 3 digits (1000 possible combinations), even when payment processors block you after 10 failed attempts (that's the number I found after a quick search) that's still 1% chance of an attacker guessing your security code by brute force (Even more for VISA cards that don't count failed attempts from different sources made at the same time).

So what other attack vectors or risks exist (apart from the brute force attack) when someone gives up this kind of information to a stranger in the street?

Anders
  • 64,406
  • 24
  • 178
  • 215
Jorge Riv
  • 121
  • 1
  • Related: https://security.stackexchange.com/q/130221/151903, https://security.stackexchange.com/q/10400/151903 – AndrolGenhald Mar 01 '18 at 20:59
  • That's a good chunk of personal data and it might be possible to socially engineer your credit company into gaining other bits of useful data. Also any data like that is just part of the data needed for identity theft. Personally, I will not give that out to any street collector or door caller. – iainpb Mar 02 '18 at 09:10

0 Answers0