I signed up for online Visa account access today at CIBC, and found a basic security flaw in their registration process.
Here is their form:
The flaw is the last question: the previous balance. It is a simple one: if you call up VISA on the phone and give them the information above, the phone system provides your previous month's balance!
It just goes to show that even a security-conscious bank can make easy mistakes when it comes to security. The moral of the story is a simple lesson: make sure you analyze all your access channels for possible leakage of authenticating information before you demand it online.
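The channel analysis suggested above can be done mechanically. The following is an added example, not part of the original post or any bank's code: it models each access channel by the facts it requires and the facts it discloses, then reports any authentication factor one channel demands that another channel hands out. The fact names (`card_number`, `expiry_date`, `telephone_pin`) and the "fixed" variant are assumptions made for illustration.

```python
# Constructed model: the fact names below are assumptions, not CIBC's real form fields.
CARD_FACTS = frozenset({"card_number", "expiry_date"})

CHANNELS = {
    "phone_ivr": {"requires": CARD_FACTS, "discloses": {"previous_balance"}},
    "web_registration": {"requires": CARD_FACTS | {"previous_balance"},
                         "discloses": {"online_access"}},
}

# Same channels after one possible fix (an assumption): the phone line asks for
# a secret that no channel ever reads out.
CHANNELS_FIXED = dict(CHANNELS, phone_ivr={
    "requires": CARD_FACTS | {"telephone_pin"}, "discloses": {"previous_balance"}})


def closure(channels, known):
    """Return every fact obtainable from `known` by repeatedly using channels."""
    known = set(known)
    changed = True
    while changed:
        changed = False
        for ch in channels.values():
            if ch["requires"] <= known and not ch["discloses"] <= known:
                known |= ch["discloses"]
                changed = True
    return known


def leaked_factors(channels, target, baseline):
    """Factors `target` demands beyond `baseline` that the other channels
    disclose to someone who holds only `baseline`."""
    others = {n: c for n, c in channels.items() if n != target}
    extra = set(channels[target]["requires"]) - set(baseline)
    return extra & closure(others, baseline)


if __name__ == "__main__":
    for label, model in (("original", CHANNELS), ("fixed", CHANNELS_FIXED)):
        leaks = leaked_factors(model, "web_registration", CARD_FACTS)
        print(f"{label}: leaked factors = {sorted(leaks) or 'none'}")
```

A non-empty result means the extra question adds no assurance beyond the baseline facts, which is the situation described in the post.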