Bank of America, Chase have potential security flaw exposed

Consumers with credit cards issued by two of the nation’s largest lenders may be at greater risk for identity theft as a result of a feature designed to be a convenience.

Both Bank of America and Chase allow consumers to bypass a number of security features as long as they have the phone number associated with the account, according to a report from MSNBC. If they have this piece of information, which can be relatively simple for crooks to obtain, then they only need to enter the final four digits of the account number, rather than the whole thing.

This can be problematic because that information is listed on most receipts, the report said. Then, a crook would be able to find more information about the borrower’s account and lend credibility to a potential phishing attack by sharing details a consumer may think would only be accessible for them and their bank.

Experts warn that consumers should never give out any of their personal or financial information to a person initiating contact with them, as no legitimate business would ask them to “confirm” any of these details.