Website security loopholes force Ctrip to stop saving user CCV info
Print Edition
CTRIP will stop saving users’ credit card verification (CCV) information online after system loopholes were discovered on the travel website that led to the leak of user information and possible money loss.
Shanghai-based Ctrip, China’s biggest tourism website with more than 140 million users, said yesterday that it will not save users’ CCV numbers printed on credit cards and delete all CCV data stored in its servers.
The CCV number, a three-digit card verification number normally printed on the back of credit cards, is a security tool for card holders, who are required to enter the numbers to verify the card is on hand, usually used during online payment.
The saving of CCV numbers accelerates the transaction process but it carries potential risks, security experts and bank executives said.
Over the weekend, WooYun.org, a website specializing in reporting loopholes, said it had managed to download the credit card payment information, such as identity card numbers, bank card data and CCV information, of 93 users from Ctrip.com, thereby exposing loopholes on the latter’s website. The users held credit cards issued by China Merchants Bank.
The transactions on Ctrip International have not been affected by the credit card issues, the company said.
Ctrip said on Sunday that it had fixed the loopholes after conducting a thorough inspection. It had informed the 93 users and advised them to change their cards and promised to pay the card replacement costs.
But industry experts countered that Ctrip’s policy of saving users’ CCV information could still entail potential risks, which led the Nasdaq-listed company to announce it will stop saving user CCV information and delete the existing CCV data.
Ctrip has also created a special fund of 5 million yuan (US$806,000) to research online security enhancement.
Top dot-com firms such as Baidu and Tencent have invested heavily in online tourism, sparking concerns about the safety of credit card information bundled with online accounts and personal data.
- About Us
- |
- Terms of Use
- |
-
RSS - |
- Privacy Policy
- |
- Contact Us
- |
- Shanghai Call Center: 962288
- |
- Tip-off hotline: 52920043
- 娌狪CP璇侊細娌狪CP澶05050403鍙-1
- |
- 浜掕仈缃戞柊闂讳俊鎭湇鍔¤鍙瘉锛31120180004
- |
- 缃戠粶瑙嗗惉璁稿彲璇侊細0909346
- |
- 骞挎挱鐢佃鑺傜洰鍒朵綔璁稿彲璇侊細娌瓧绗354鍙
- |
- 澧炲肩數淇′笟鍔$粡钀ヨ鍙瘉锛氭勃B2-20120012
Copyright 漏 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.
