What if I don’t cover my hands properly when entering my debit card PIN? Under normal circumstances, not much. The chances of someone knowing your PIN and bank card details just by glancing over your shoulder are low. However, strategies are used every day to collect this data. For example, infamous individuals or groups may use physical protein skimmers to collect card data for payment fraud, identity theft in places like gas stations, ATMs, vending machines or vending machines. of tickets.
When used for debit transactions, think of your card number as a username and your PIN as a password. Without both, a debit transaction will be refused by your financial institution, and for good reason.
What happens when that same financial institution allows a third party to read, in clear text, your username and password online for your account, your downloaded application or, if you reuse that information? identification, on other personal accounts elsewhere? Any company that allows third parties to directly view your username and password without encryption or encryption could disclose your information, without too much effort on the part of malicious individuals or groups. It would be a worrying event.
This is precisely what we feel in the security industry when we read or watch reports about companies allowing third parties to access their site, without security or authorization, to browse data in input fields. The most recent example of this is with Ally Bank.
Ally Bank informed customers that third parties accessed unencrypted usernames and passwords as customers typed information into their login fields. Legitimate third parties included, as Ally Bank site services were allowed to browse the username and password fields with no problem.
It is one thing to understand that malicious code is dealt with in one way or another on a daily basis. Knowing that the companies you do business with take malicious attempts to collect your data seriously is heartwarming. But when we find out that these same companies haven’t put in place any protection against skimming and collection of your data by known third parties, it’s not at all comforting.
There is a solution to this feeling of discomfort: Source Defense. As we have repeatedly mentioned in our blogs, Source Defense prevents form hijacking, eSkimming, and website degradation by malicious third parties. and known third parties in real time. If a business collects data from customers, a Source Defense solution is the only solution that can prevent a situation with Ally Bank from occurring.
If you would like more information about Source Defense, please request a demo or if you would like to learn more about Magecart and earn free CPE credits, please register for one of our upcoming Cyber Academy courses.
The item When You Need An Ally, Choose Source Defense appeared first on Source Defense.
*** This is a syndicated Security Bloggers Network blog from Blog – Source Defense written by Randy Paszek. Read the original post at: https://sourcedefense.com/resources/blog/when-you-need-an-ally-choose-source-defense/