Further setback for online banking

Share this article:

Another internet banking security blunder has been revealed, leaving users able to view each others' credit details.

Customers visiting Morgan Stanley's credit card account center were able to opt in to a Microsoft function that remembers passwords. The next user could then access information using data remembered by the PC.

Morgan Stanley fixed the problem and assured customers that the security flaw had not yet been exploited.

"Morgan Stanley has received no customer complaints or calls on this issue to date, and to our knowledge, no accounts have been accessed improperly," read an email statement. Visitors to the site will now find that password recognition function is blocked.

Last week, Cahoot, the online offshoot of UK bank Abbey National, revealed a similar security flaw that enabled customers to view others account details.

Analysts have described the situation as another blow for the internet banking industry.

"If the Cahoot situation set online banking back six months then it's eight months now," said Graham Titterington, principal analyst at Ovum.

"It's clear that banks aren't protecting their customers. These sort of problems were happening a few years ago and I'm afraid to say, they are going to happen again."

www.morganstanley.com
www.ovum.com
www.cahoot.com

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.