Monday, August 25, 2008

Good Example of How Tricky Security Is - Even for Banks

I signed up for online Visa account access today at CIBC, and found a basic security flaw in their registration process.

Here is their form:


The flaw is the last question: the previous balance. It is a simple one: if you call Visa on the phone and give them the information above, the phone system provides your previous month's balance!

It just goes to show that even a security-conscious bank can make easy mistakes when it comes to security. The moral of the story is a simple lesson: make sure you analyze all your access channels for possible leakage of authenticating information before you demand it online.
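
One way to run that check, as an added example that is not part of the original post: model each access channel by what it requires and what it discloses, then flag any authenticator that someone holding only the starting facts can learn from another channel. The channel names, field names and the mailed activation code are assumptions; the post does not list the form's other fields.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Channel:
    name: str
    requires: frozenset   # facts a caller must present to pass the channel
    discloses: frozenset  # facts the channel reveals once passed

def leaked_authenticators(channels, starting_facts):
    """Map each channel to the required facts that were not known at the
    start but were disclosed by some other channel along the way."""
    start = frozenset(starting_facts)
    known, passed, findings = set(start), set(), {}
    changed = True
    while changed:  # fixed-point closure over what can be learned
        changed = False
        for ch in channels:
            if ch.name in passed or not ch.requires <= known:
                continue
            passed.add(ch.name)
            learned = sorted(ch.requires - start)
            if learned:
                findings[ch.name] = learned
            known |= ch.discloses
            changed = True
    return findings

# Constructed model; field names are assumptions, not taken from the form.
CARD_FACTS = {"card_number", "expiry_date"}
PHONE = Channel("phone_system", frozenset(CARD_FACTS), frozenset({"previous_balance"}))
WEAK = [
    Channel("web_registration", frozenset(CARD_FACTS | {"previous_balance"}),
            frozenset({"online_access"})),
    PHONE,
]
# Corrected design (hypothetical): registration asks for a factor no channel discloses.
FIXED = [
    Channel("web_registration", frozenset(CARD_FACTS | {"mailed_activation_code"}),
            frozenset({"online_access"})),
    PHONE,
]

if __name__ == "__main__":
    print("weak :", leaked_authenticators(WEAK, CARD_FACTS))
    print("fixed:", leaked_authenticators(FIXED, CARD_FACTS))
```

An empty result means no channel accepts, as proof of identity, a fact that another channel hands out for less.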
