
I’ve tried getting them to give me a checksum to verify validity. For example, tell me the sum of the last four digits of my card number. They always refuse, so I always hang up and call back. Too bad they don’t understand that giving out a checksum is not insecure.


Well, yeah, if it's not standard operating procedure I'd hope they'd refuse.

Now, it should be supported, but I don't want the folks on the front lines guessing (or figuring out on their own) what sorts of mathematical games are safe. Erring on the side of caution is the right approach for CSRs.



