
Serious Security Glitch in ICICI Bank's iMobile Alert

Private

TF Buzz
Several users have reported being able to view other customers' ICICI Bank credit cards on their iMobile app. Since the full card number, expiry date, and CVV are visible on iMobile, and one can manage international transaction settings, it's easy for someone to misuse another person's credit card for international transactions.

What can you do?
If you can't do anything, and someone has access to your card, they can change settings on iMobile without OTP or even MPIN. The best option is to block the card and replace it; this will provide some temporary relief.

Update:
It seems ICICI Bank has restricted access to credit card details on the iMobile app for everyone.

Update:
ICICI Bank's response regarding the issue on Mint
20240425_170314.jpg



Update 26/04/2024:
ICICI Bank has instructed its delivery partners to immediately return all in-transit debit and credit card deliveries to the bank.

@googley :

I have access to someone else’s Amazon Pay CC due to a security glitch on the iMobile app.
Although OTP restricts domestic transactions, I can do international transactions using the details from the iMobile app.
The app even allows me to enable international transactions in case it has been disabled by the actual user.

I have already flagged this to the ICICI team; they are working on this on priority, as multiple customers have reported this. I wanted to alert the community folks too regarding the same.

Several users have reported being able to view other customers' ICICI Bank credit cards on their iMobile app. Since the full card number, expiry date, and CVV are visible on iMobile, and one can manage international transaction settings, it's easy for someone to misuse another person's credit card for international transactions.

What can you do?
If you can't do anything, and someone has access to your card, they can change settings on iMobile without OTP or even MPIN. The best option is to block the card and replace it; this will provide some temporary relief.

Update:
It seems ICICI Bank has restricted access to credit card details on the iMobile app for everyone.

Update:
ICICI Bank's response regarding the issue on Mint
20240425_170314.jpg



Update 26/04/2024:
ICICI Bank has instructed its delivery partners to immediately return all in-transit debit and credit card deliveries to the bank.

@googley :

I have access to someone else’s Amazon Pay CC due to a security glitch on the iMobile app.
Although OTP restricts domestic transactions, I can do international transactions using the details from the iMobile app.
The app even allows me to enable international transactions in case it has been disabled by the actual user.

I have already flagged this to the ICICI team; they are working on this on priority, as multiple customers have reported this. I wanted to alert the community folks too regarding the same.
There is an Amazon Pay credit card in the attachment ending with 0006.
My Amazon Pay credit card ends with 0006. Can you confirm the last 8 digits of this credit card?
 

imdjay

TF Ace
Contributor
VIP Lounge
It says we are under maintenance for me when I try to log in. 1000234373.jpg
Working fine for me.
I had also applied and received a new card last week. Not even generated PINs. What are the chances I am also affected due to this glitch?
 

thanix

TF Ace
VIP Lounge
I don't think it is newly issued cards only. My wife, who has an ICICI account, was checking eligible credit cards a week ago. Yesterday, she showed the same page to me and it was showing some random name called Jagir. Forgot to take a picture. She is not going to touch ICICI cards for some time.
 

Copycat

TF Ace
VIP Lounge
I don't think it is newly issued cards only. My wife, who has an ICICI account, was checking eligible credit cards a week ago. Yesterday, she showed the same page to me and it was showing some random name called Jagir. Forgot to take a picture. She is not going to touch ICICI cards for some time.

I agree. I think the ICICI "admission" was just a load of misdirection. A bunch of jargon that sounds legit but means nothing. What exactly did they mean by "erroneously mapped"? The card was probably matched to the correct person who had ordered it, but what was shown was probably due to a bug in the code that showed other people's cards to you. Why else would ak93 have seen 14 cards? https://www.technofino.in/community...n-icici-banks-imobile-alert.25879/post-620666 Surely no new customer would have 14 cards approved at one go? (Also the Reddit user who saw 11 cards: https://www.technofino.in/community...n-icici-banks-imobile-alert.25879/post-620676)
 

Private

TF Buzz
I agree. I think the ICICI "admission" was just a load of misdirection. A bunch of jargon that sounds legit but means nothing. What exactly did they mean by "erroneously mapped"? The card was probably matched to the correct person who had ordered it, but what was shown was probably due to a bug in the code that showed other people's cards to you. Why else would ak93 have seen 14 cards? https://www.technofino.in/community...n-icici-banks-imobile-alert.25879/post-620666 Surely no new customer would have 14 cards approved at one go? (Also the Reddit user who saw 11 cards: https://www.technofino.in/community...n-icici-banks-imobile-alert.25879/post-620676)
I blocked my credit card. Can't take a chance. International transactions don't require OTP.
 

ak93

TF Ace
VIP Lounge
I agree. I think the ICICI "admission" was just a load of misdirection. A bunch of jargon that sounds legit but means nothing. What exactly did they mean by "erroneously mapped"? The card was probably matched to the correct person who had ordered it, but what was shown was probably due to a bug in the code that showed other people's cards to you. Why else would ak93 have seen 14 cards? https://www.technofino.in/community...n-icici-banks-imobile-alert.25879/post-620666 Surely no new customer would have 14 cards approved at one go? (Also the Reddit user who saw 11 cards: https://www.technofino.in/community...n-icici-banks-imobile-alert.25879/post-620676)
They belonged to different customers, not one. I know a lot of new cards were issued because they had come to our office and at least 10 of my colleagues applied for the Sapphiro dual card in a few days.

But like you said, the bug may be not with mapping but with showing incorrectly! How else would I get SMS and email if incorrectly mapped? It could be wrong mapping to customer ID, as I could not see cards even after it was delivered for a few days.
 

nirmalya

TF Select
RBI should take strict action against banks for such data breaches. In India, there is a strong need for data protection laws to protect consumer data.
 

credit_noob

TF Select
I noticed that ICICI card transactions are successful even if you put in a wrong 3-digit CVV. I complained about this issue; the bank took this casually, but unfortunately I did not follow up due to a busy schedule. Did any member face this kind of issue?
Yes even with wrong CVV transaction still successful and everything normal only ICICI is a joke I think it fixed? No idea
 

vishp

TF Select
VIP Lounge
I had asked ICICI whether my card data was also leaked, as I got my new card just a few days back. They said the below:
"We inform you that the mentioned issue was due to technical migration at our end. We regret the inconvenience caused. We inform you that your credit card data is safe and secure."
 

yolofino

TF Premier
I had asked ICICI whether my card data was also leaked, as I got my new card just a few days back. They said the below:
"We inform you that the mentioned issue was due to technical migration at our end. We regret the inconvenience caused. We inform you that your credit card data is safe and secure."
I pretty much received a similar response. How to complain to RBI? I asked for replacements (free).
 

bhavik886151

TF Premier
There is always a problem with the ICICI system.

Today I bought something online using an ICICI credit card, but by mistake I entered my debit card CVV, and I still received the OTP and the transaction completed successfully.

A few months back I also checked out with my debit card CVV and the transaction completed.
 

Harry1

TF Legend
VIP Lounge
There is always a problem with the ICICI system.

Today I bought something online using an ICICI credit card, but by mistake I entered my debit card CVV, and I still received the OTP and the transaction completed successfully.

A few months back I also checked out with my debit card CVV and the transaction completed.
Many people have reported that it goes through with a wrong expiry also in the case of ICICI. Only OTP is verified.
 

shrewdoc

TF Ace
There is always a problem with the ICICI system.

Today I bought something online using an ICICI credit card, but by mistake I entered my debit card CVV, and I still received the OTP and the transaction completed successfully.

A few months back I also checked out with my debit card CVV and the transaction completed.
It is common in foreign transactions as well, not just with ICICI.

I read that geo-locations are tagged from the IP Address and the Device ID and if it matches with the known data pool of the user, the transactions go through without any hassle. Many checks are done in the background, which we are not aware of.
 

MrJJ

TF Premier
It is common in foreign transactions as well, not just with ICICI.

I read that geo-locations are tagged from the IP Address and the Device ID and if it matches with the known data pool of the user, the transactions go through without any hassle. Many checks are done in the background, which we are not aware of.
When their credit cards become accessible to everyone just like that, everyone can understand what kind of checks they must be doing...

Never be naive and fully trust your banks, they just want to make money by following minimum guidelines given to them by RBI. If RBI wasn't there they wouldn't even give a shit about security.

On that note, ICICI's netbanking is the least secure in my opinion; it lets you log in with just username and password, there is no 2FA or OTP verification etc.
 

shrewdoc

TF Ace
When their credit cards become accessible to everyone just like that, everyone can understand what kind of checks they must be doing...

Never be naive and fully trust your banks, they just want to make money by following minimum guidelines given to them by RBI. If RBI wasn't there they wouldn't even give a shit about security.

On that note, ICICI's netbanking is the least secure in my opinion; it lets you log in with just username and password, there is no 2FA or OTP verification etc.
I assume you have some beef with ICICI. I am not here to defend any bank, but regarding the post you quoted, what I meant to say was that it is followed by institutions worldwide.
 