Home > News > Economy
Text: | Print|

Website security loopholes force Ctrip to stop saving user CCV info

2014-03-26 14:04 Shanghai Daily Web Editor: Si Huan
1

Ctrip will stop saving users' credit card verification (CCV) information online after system loopholes were discovered on the travel website that led to the leak of user information and possible money loss.

Shanghai-based Ctrip, China's biggest tourism website with more than 140 million users, said yesterday that it will not save users' CCV numbers printed on credit cards and delete all CCV data stored in its servers.

The CCV number, a three-digit card verification number normally printed on the back of credit cards, is a security tool for card holders, who are required to enter the numbers to verify the card is on hand, usually used during online payment.

The saving of CCV numbers accelerates the transaction process but it carries potential risks, security experts and bank executives said.

Over the weekend, WooYun.org, a website specializing in reporting loopholes, said it had managed to download the credit card payment information, such as identity card numbers, bank card data and CCV information, of 93 users from Ctrip.com, thereby exposing loopholes on the latter's website. The users held credit cards issued by China Merchants Bank.

The transactions on Ctrip International have not been affected by the credit card issues, the company said.

Ctrip said on Sunday that it had fixed the loopholes after conducting a thorough inspection. It had informed the 93 users and advised them to change their cards and promised to pay the card replacement costs.

But industry experts countered that Ctrip's policy of saving users' CCV information could still entail potential risks, which led the Nasdaq-listed company to announce it will stop saving user CCV information and delete the existing CCV data.

Ctrip has also created a special fund of 5 million yuan (US$806,000) to research online security enhancement.

Top dot-com firms such as Baidu and Tencent have invested heavily in online tourism, sparking concerns about the safety of credit card information bundled with online accounts and personal data.

Related News

  • Ctrip hit by security loophole

    2014-03-24

  • Ctrip fixes loophole to safeguard user information

    2014-03-23
    • Photo
    + More
    China-Germany ties at a glance

    China-Germany ties at a glance

    Nomads move livestock to summer pastures in Xinjiang

    Nomads move livestock to summer pastures in Xinjiang

    Chinese military equipment exhibited at Kazakhstan Defense Exhibition

    Chinese military equipment exhibited at Kazakhstan Defense Exhibition

    Spectacular views along 180-kilometer road in N China

    Spectacular views along 180-kilometer road in N China

    Artistic baker creates mirror glazed cakes

    Artistic baker creates mirror glazed cakes

    Rural barber offers home service for five decades

    Rural barber offers home service for five decades

    Yellow River stone forest national geological park

    Yellow River stone forest national geological park

    Couple tours 34 countries with 7-year-old in motorhome

    Couple tours 34 countries with 7-year-old in motorhome

    Comments (0)
    Most popular in 24h
    Top news
    Video
    + More
      Archived Content
    Media partners:
    People's Daily Online | Xinhuanet | China.org.cn | ChinaDaily.com.cn | CGTN | Globaltimes.cn | Chinaplus.cri.cn | Shine.cn | JSCHINA | China Military Online | Taiwan.cn | Sina English | Caijing | Caixin Online | CE.cn | GMW.cn | Women of China | newsgd.com
    Links | About Us | Jobs | Contact Us | Privacy Policy
    Back to top

    Copyright ©1999-2018 Chinanews.com. All rights reserved.
    Reproduction in whole or in part without permission is prohibited.