New York's Metropolitan Transportation Authority (MTA) has disabled a feature associated with its contactless payment system for the city's subway system, following a report showing how easily someone could abuse it to access another individual's trip history for the prior seven days.
The report by 404 Media described how anyone with access to a credit card number that another individual might have used to tap-and-pay for subway rides could then use the card to track the individual's movement on the subway system. All that someone needed to do was to enter the card number into the MTA's One Metro New York (OMNY) website to pull up the associated account holder's trip-history for the preceding week — without any additional verification.
In addition to someone having physical access to another individual's wallet, credit card numbers are also easily available in underground markets for anyone willing to buy them. A report that Comparitech released in August showed that the average Dark Web price for basic credit card information — including card number, CVV, expiration date, and cardholder name — is $17.36. The prices are tied to the available credit on a stolen card and go into the hundreds of dollars for cards with high credit limits. Just buying a number, though, is likely much more affordable.
A Stalking Threat
OMNY's trip history information shows only the point of entry into the subway system, not the exit point. Even so, the data is enough for an abuser to stalk victims or for someone to track an individual or narrow down where they might live, the 40 ..
Support the originator by clicking the read the rest link below.
