And then there’s PayID in Australia: “pay anyone using their phone number”. Only the people setting up the processing system decided that all the security required for Visa/MasterCard processing was an obstacle and they didn’t think to implement rate limiting on their facility that provides account details in response to a phone number query.
In this story they refer to a “spike” in queries to the database. What actually happened is that someone tried querying every mobile phone number in Australia.
https://www.itnews.com.au/news/aussie-banks-warn-customers-a...
In this story they refer to a “spike” in queries to the database. What actually happened is that someone tried querying every mobile phone number in Australia.