Further setback for online banking

Share this article:

Another internet banking security blunder has been revealed, leaving users able to view each others' credit details.

Customers visiting Morgan Stanley's credit card account center were able to opt in to a Microsoft function that remembers passwords. The next user could then access information using data remembered by the PC.

Morgan Stanley fixed the problem and assured customers that the security flaw had not yet been exploited.

"Morgan Stanley has received no customer complaints or calls on this issue to date, and to our knowledge, no accounts have been accessed improperly," read an email statement. Visitors to the site will now find that password recognition function is blocked.

Last week, Cahoot, the online offshoot of UK bank Abbey National, revealed a similar security flaw that enabled customers to view others account details.

Analysts have described the situation as another blow for the internet banking industry.

"If the Cahoot situation set online banking back six months then it's eight months now," said Graham Titterington, principal analyst at Ovum.

"It's clear that banks aren't protecting their customers. These sort of problems were happening a few years ago and I'm afraid to say, they are going to happen again."


Share this article:

Next Article in News

Sign up to our newsletters

More in News

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, ...

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Apple ships Mac OS X updates, fixes several ...

Among the addressed vulnerabilities, was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.