My rant of day: secure payments online. fail 101

Lately i have been paying my bills online. I have great belief and trust for the state of security that modern giants have especially when online payments are done. But, lately i have become wary about the tardiness of some companies to take web security for granted.

The last payment i did, was one i did for family and this is a top-up for the mobile. The general assumption, is that it is all secure to run payments online. Wait, no. Make sure, you “watch” your surroundings on a website.

When there is a payment page generally, you would not want to have anything on that page. This only increases the attack surface for a hacker. You would want a separate page, that only has HTTPS transaction, and does what is necessary.

However, this spectacular vendor, failed security 101. It is definitely dense to have a “search bar” and other non-secure Artefacts on a secure payments page. Even Chrome said its a site worthy of snooping or an attack. Hell no, i am not going to put PII on a page and make payments like that.

What saddens me however, is how ignorant or less-savvy tech of this vendor is about the secure payments page. I wonder how long would it take till someone actually makes use of this terrible coding mishap.

I wont disclose the vendor here, but if you do your top ups online, please be aware of your surroundings on a website before making a payment.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s