Published: 2016/6/16 6:45:03

150,000 yuan transferred out of a bank card because the phone number was cloned: where exactly is the loophole?


"Flight attendant Zhang Xinyu's case is almost identical to ours," Mr. Gao, who lost more than 100,000 yuan from his bank cards after his mobile SIM card was "cloned" in another city, told this newspaper a few days ago. The much-discussed case in which flight attendant Zhang Xinyu was defrauded of 150,000 yuan used the same method, and she likewise had "nowhere to complain". Mobile phone users fall for similar scams frequently, and the public has pointed the finger at the operators. However, a recent court ruling shows that operators do not have to bear responsibility for losses caused by fraudulent phone calls. The users' losses are real, so how should responsibility be determined? Who bears the loss?

Case study:

Flight attendant's phone number cloned, 150,000 yuan transferred out of her card

Flight attendant Zhang Xinyu described on her microblog how 150,000 yuan was stolen from her bank card. According to her account, at around 4:30 p.m. on May 4 she received a string of harassing phone calls, which she ignored, until the calls drove her phone to shut down. When she turned it back on, the phone showed no service. At 2 p.m. the next day she went to the bank to withdraw money and found that all 150,000 yuan in the card was gone. She then called China Everbright Bank customer service, which confirmed that the money had been withdrawn at around 5:20 p.m. on May 4. She then discovered that the number of the SIM card that had been without service had become an unassigned number.

According to the operator, on May 4 someone brought their own second-generation ID card and Ms. Zhang Xinyu's temporary ID card to a service hall to apply for a replacement SIM card on her behalf. "In accordance with national regulations and the company's articles, after verifying the person's own second-generation ID card information and comparing Ms. Zhang's temporary ID card against the relevant information retained in the system, the replacement card was issued according to the business handling procedure."

Coincidentally, this newspaper previously reported that the mobile phone of Mr. Gao's wife in Shenzhen suddenly could no longer make calls, receive SMS messages or access the Internet on January 1, and the couple subsequently found that deposits in their name totalling more than 100,000 yuan at Everbright, Ping An and China Construction Bank had "disappeared". They then discovered that their SIM card had been cloned.

Investigation:

Transferring money with a cloned SIM card still requires a password

Over the past few days, this reporter learned from operators, banks and network security specialists that even if a mobile user's SIM card is cloned, the money on the user's card cannot be transferred away without the payment password.

In the cases above, the criminals obtained the identity information of Ms. Zhang and of Mr. Gao's wife and then cloned their SIM cards. So, with the registered phone number, a temporary ID card and the bank account number, can criminals transfer the money out?

"No, a payment still requires the payment password," a bank source told the reporter. Even if fraudsters obtain this information, they cannot complete a payment without that password.

So how can a fraudster obtain or change the password? The source said that the password can only be changed at an ATM or at the counter, and a fraudster who does not have the victim's bank card cannot change it: "Without the card, you cannot change the password even if you bring an ID card to the counter."

To carry out fraudulent transactions, then, criminals can only use the electronic channels (online banking or mobile banking), but before changing the "withdrawal password" they must first have the "login password". At this point an ID card or temporary ID card is of little use.

As for credit cards, there is another way to change the "cash withdrawal password" and "purchase password": through the bank's service hotline, by calling the hotline from the registered phone number (already cloned) and passing other verification steps.

The problem is that, for both Ms. Zhang and Mr. Gao, not all of the bank cards that were fraudulently drained had mobile banking or online banking enabled. In other words, even if a phone number is cloned, that does not mean the money on the user's bank cards can be transferred away.

Network security specialists say criminals can obtain some users' passwords through "credential stuffing". "For example, if the password of the email account you use is leaked, they will try it against your bank account," the specialist said. Cloning the phone number is only one part of the scam, not all of it.
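The point above, that a cloned SIM defeats only the SMS code step, suggests one bank-side control, sketched here as an added example that is not part of the original article: hold transfers authorized by an SMS code when the registered number's SIM was replaced shortly beforehand. The event format, the field names, the carrier feed of SIM replacements and the 72-hour window are all assumptions.

```python
from datetime import datetime, timedelta

# Assumed policy: how long after a SIM replacement an SMS code is not trusted alone.
HOLD_WINDOW = timedelta(hours=72)

# Constructed sample events, not real data. The 17:20 transfer of 150,000 echoes
# the article's timeline; the 16:50 replacement time and all other rows are invented.
# "sim_replaced" is assumed to arrive from a carrier feed, "transfer" from the bank.
SAMPLE_EVENTS = [
    {"ts": "2016-05-04T16:50:00", "type": "sim_replaced", "phone": "PHONE-A"},
    {"ts": "2016-05-04T17:20:00", "type": "transfer", "phone": "PHONE-A",
     "auth": "sms_otp", "amount": 150000},
    {"ts": "2016-05-04T17:30:00", "type": "transfer", "phone": "PHONE-A",
     "auth": "hardware_token", "amount": 300},
    {"ts": "2016-05-04T18:00:00", "type": "transfer", "phone": "PHONE-B",
     "auth": "sms_otp", "amount": 2000},
    {"ts": "2016-05-09T10:00:00", "type": "transfer", "phone": "PHONE-A",
     "auth": "sms_otp", "amount": 500},
]


def review_transfers(events, window=HOLD_WINDOW):
    """Return (timestamp, phone, decision) for every transfer, in time order.

    A transfer is held when it relies on an SMS code and the registered
    number's SIM was replaced within `window` before the transfer.
    """
    last_swap = {}   # phone -> time of the most recent SIM replacement
    decisions = []
    # Sort first so a late-arriving carrier event is still seen before the
    # transfers that follow it in real time.
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        when = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "sim_replaced":
            last_swap[ev["phone"]] = when
        elif ev["type"] == "transfer":
            swapped = last_swap.get(ev["phone"])
            risky = (ev["auth"] == "sms_otp" and swapped is not None
                     and when - swapped <= window)
            decisions.append((ev["ts"], ev["phone"], "hold" if risky else "allow"))
    return decisions


if __name__ == "__main__":
    for row in review_transfers(SAMPLE_EVENTS):
        print(row)
```

A held transfer would then need confirmation through a channel that does not depend on the phone number, which is a policy choice outside this sketch.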

Court ruling:

Operators not held liable

Both Ms. Zhang and Mr. Gao reported to the police immediately after being defrauded, but the cases have not yet been solved and the losses have largely not been recovered. Yet before the facts are fully known, users and netizens alike have placed the blame on the operators. "An operator is a channel. You cannot blame the highway just because a car accident happened on it," a source at a local Guangdong operator said a few days ago, adding that scams also occur on network platforms such as QQ and WeChat, but few consumers ask those platforms to "make up the loss". The source also disclosed that a mobile user in Guangzhou received a call claiming to be a "court summons", believed it, and transferred more than 700,000 yuan to the caller's account in several payments. Naturally, the money ended up in the fraudsters' hands.

According to the source, the mobile user sued the operator, arguing that the operator had not provided a genuine call, since criminals had tampered with the caller's number using "number-changing software". The court of first instance ruled that the operator bore some responsibility and fined it 10,000 yuan. The operator appealed, and the court of second instance overturned the first ruling: the operator bears no responsibility. "Judging from this precedent, the court clearly accepted the operator's view: the operator guarantees the communications service, and users are responsible for judging whether an incoming call is genuine."

Oddly, a Shenzhen resident who likewise received a call faked with "number-changing software" to look like a bank's customer service line believed it and was defrauded of 440,000 yuan. The resident sued the local operator for the full loss, and the recent first-instance verdict went against the operator. The operator has appealed.

Follow-up:

Who pays for users' losses?

"The dynamic verification code is the last link, and cloned SIM cards and fake base stations are the worst offenders." In interviews, bank sources argued that operators and their regulators should close the "gaps" of fake base stations and SIM card cloning. Operator sources countered that fake base stations persist despite repeated bans, and that when the documents presented are in order it is hard for service hall staff to tell who is cloning someone else's SIM card. On the contrary, they said, banks are the last link in the movement of funds and should be the ones to "intercept" defrauded users' money before it is transferred away.

"For example, the bank could provide a standard-form liability waiver contract; once the mobile user signs it, the flow of funds can be stopped immediately at the user's request," one operator source said. If users are required to report to the police first and then ask the bank to freeze the account with the police report, the process takes too long and the fraudsters move too fast.

Bank sources responded that this would not completely stop fraudsters either: criminals typically maintain hundreds of accounts and quickly scatter the money out of the receiving account. Moreover, interbank transfers go through the central bank's system, so one or a few banks acting alone cannot stop them, and each case has to be analysed individually.

"In today's Internet era, convenience and security are in tension. Transfers and online payments are now convenient, but security needs to improve." The police and the Ministry of Public Security, the operators and the Ministry of Industry and Information Technology, and the banks and the central bank need to work together to control the problem at the source and in the process, rather than relying only on joint operations that break up a few gangs and recover some amount of money.







