Friday, April 23, 2010

Surprise Surprise! Blippy Exposes Credit Card Numbers

You can bet your "Bippy" that it was only a matter of time before "Blippy" exposed your PAN's (primary account numbers).  Now, I've just learned (from Mashable.com) that they can be "Googled" (see below)  



How could "anyone" NOT see this coming?  Now that I mention it, why does "anyone" still think you can type your PAN's into boxes on websites? You just can't do it.  Again, my favorite definition of insanity is the act of doing the same thing over and over again expecting different results.  You Type...The Bad Guys Swipe.  You Swipe, Your NOT the bad guys type.  It's that simple.



Here's what I had to say back in January when I first heard about Blippy: (the full post is below)  

When Blippy, which lets you twitter credit/debit card purchases rolled out earlier this month, my eyes rolled as well.







Click to Enlarge




BLIPPY CREDIT CARD DETAILS EXPOSED ON GOOGLE - MASHABLE



Nearly 200 credit card transactions shared on social networking site Blippy  have been exposed - with full credit card numbers included - in Google search results, according to Mashable.



More on this story: http://www.finextra.com/news/fullstory.aspx?newsitemid=21323





Blippy: Do You Really Want Your Card Transactions Showing Up as a Blip on the Bad Guys Radar Screen

When Blippy, which lets you twitter credit/debit card purchases rolled out earlier this month, my eyes rolled as well. Maybe because I still don't get Twitter. Somebody Tweets "I'm at Peet's" and frankly, it won't be more interesting finding out how much they spent there and what card they used. Who cares? Answer: The bad guys! 




Social networking sites have been identified as a nesting ground for purveyors of malware and phishing techniques, thus financial information gathering. It isn't difficult for them to round up needed information, but why make it easy for them by signing up to have your purchases show up as "blips" on the bad guys radar screens? I was waiting for someone else to see the naked emperor before saying anything. Cyveillance has spoken...



Blippy, could be a valuable tool for cyber criminals, warns Cyveillance



Blippy, a Spear Phisher’s Dream



This month, a service called Blippy was rolled out to the general public. In a CNN article this week, Blippy was described as a “financial version of twitter.com”, where users’ credit card transactions are posted to the internet much like the short tweets that people post to twitter.



On twitter, users post up to 140 characters on any topic they wish to discuss. On Blippy, a posting displays how much a person paid for a recent purchase. In the image below for example, we see that Michael Arrington of TechCrunch paid $112.64 at Amazon for a SanDisk 16GB 60MB/s Extreme Compact Flash Card.




Read more: http://pindebit.blogspot.com/2010/01/blippy-do-you-really-want-your-card.html#ixzz0lwY41HWK





Reblog this post [with Zemanta]
Posted by at
Labels: , , ,

Disqus for ePayment News