CN: Website security loopholes force Ctrip to stop saving user CCV info
Si Huan reports:
Ctrip will stop saving users’ credit card verification (CCV) information online after system loopholes were discovered on the travel website that led to the leak of user information and possible money loss.
Shanghai-based Ctrip, China’s biggest tourism website with more than 140 million users, said yesterday that it will not save users’ CCV numbers printed on credit cards and delete all CCV data stored in its servers.[…]
Over the weekend, WooYun.org, a website specializing in reporting loopholes, said it had managed to download the credit card payment information, such as identity card numbers, bank card data and CCV information, of 93 users from Ctrip.com, thereby exposing loopholes on the latter’s website. The users held credit cards issued by China Merchants Bank.
Read more on ECNS