My rant of the day: secure payments online. Fail 101

Lately I have been paying my bills online. I have great belief and trust in the state of security that modern giants have, especially when online payments are done. But lately I have become wary about the tardiness of some companies to take web security for granted.

The last payment I made was one for family: a top-up for the mobile. The general assumption is that it is all secure to run payments online. Wait, no. Make sure you “watch” your surroundings on a website.

When there is a payment page, you generally would not want to have anything else on that page. Anything extra only increases the attack surface for a hacker. You would want a separate page that only has the HTTPS transaction and does what is necessary.

However, this spectacular vendor failed security 101. It is definitely dense to have a “search bar” and other non-secure artefacts on a secure payments page. Even Chrome said it's a site worthy of snooping or an attack. Hell no, I am not going to put PII on a page and make payments like that.
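
A check for the two complaints above, as an added example that is not the vendor's code or part of the original post: it flags anything on a payment page that is loaded or submitted over plain HTTP, and any page carrying more than one form. The URLs and sample HTML are constructed, and reading "non-secure artefacts" as plain-HTTP resources is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attributes that make the browser fetch from, or submit to, another URL.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src",
             "link": "href", "form": "action"}

class PaymentPageAudit(HTMLParser):
    """Collects (kind, detail) findings for one page served from page_url."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []
        self.forms = 0

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        if tag == "form":
            self.forms += 1
        # Resolve relative URLs against the page, as a browser would.
        # A missing attribute resolves to the page URL itself.
        target = urljoin(self.page_url, dict(attrs).get(attr) or "")
        if urlparse(target).scheme == "http":
            kind = "insecure-form" if tag == "form" else "mixed-content"
            self.findings.append((kind, target))

def audit(page_url, html):
    parser = PaymentPageAudit(page_url)
    if urlparse(page_url).scheme != "https":
        parser.findings.append(("page-not-https", page_url))
    parser.feed(html)
    if parser.forms > 1:  # e.g. a search bar next to the payment form
        parser.findings.append(("extra-forms", str(parser.forms)))
    return parser.findings

# Constructed sample: a top-up page with a search bar and an HTTP script.
SAMPLE = """<html><head>
<script src="http://cdn.example.test/search.js"></script>
<link rel="stylesheet" href="/css/pay.css"></head><body>
<form action="http://shop.example.test/search"><input name="q"></form>
<form action="/pay" method="post"><input name="card"></form>
<img src="https://shop.example.test/logo.png"></body></html>"""

if __name__ == "__main__":
    for kind, detail in audit("https://shop.example.test/topup", SAMPLE):
        print(kind, detail)
```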

What saddens me, however, is how ignorant or less savvy the tech of this vendor is about the secure payments page. I wonder how long it will take till someone actually makes use of this terrible coding mishap.

I won't disclose the vendor here, but if you do your top-ups online, please be aware of your surroundings on a website before making a payment.

