ScottulusMaximus
Honorary Master
So my mom needs to send money from zim to here fairly regularly so I can buy stuff to send back when she needs whatever, random amounts at random times. So I took out a prepaid credit card and she just loads USD into it whenever needed and I draw or swipe for it here. It's a good system for us.
Anyway the card comes with an internet banking portal type thing, this is where it gets funny:
https://customerportal.fbc.co.zw/CustomerPortal/WebPages/Login.jsp
1. The page isn't HTTPS
2. The username you log in with is your credit card number!?!?!?
3. Once logged in the portal opens in a pop-up, also not https
Now to the "security" measures around the password, firstly you need at least 1 letter, 1 number and 1 special character but not more than 15 characters. It's also recommended to use the on-screen keyboard... And it automatically resets after 60 days, now the reason why I'm typing this essay.
Naturally I'm over the 60 day reset so it asks for old password and then new password twice, happy days, hit submit and try login again. Invalid password... I try twice no such luck, use my old password and it asks me to reset, once again submit. Back to login, use new password, invalid password entered 3 times account locked.
So I phone them to shout and they say there's a problem with the system not to worry, I'll reset it for you. To verify your identity please answer your security question... No problem I say, what was my security question? And I **** you not she replied with:
Sir, you should remember what your security question was and it's answer, I now have to lock your card, please report to any branch to reactivate... If I wasn't laughing so hard I would've climbed through the phone and killed her.
Anyway the card comes with an internet banking portal type thing, this is where it gets funny:
https://customerportal.fbc.co.zw/CustomerPortal/WebPages/Login.jsp
1. The page isn't HTTPS
2. The username you log in with is your credit card number!?!?!?
3. Once logged in the portal opens in a pop-up, also not https
Now to the "security" measures around the password, firstly you need at least 1 letter, 1 number and 1 special character but not more than 15 characters. It's also recommended to use the on-screen keyboard... And it automatically resets after 60 days, now the reason why I'm typing this essay.
Naturally I'm over the 60 day reset so it asks for old password and then new password twice, happy days, hit submit and try login again. Invalid password... I try twice no such luck, use my old password and it asks me to reset, once again submit. Back to login, use new password, invalid password entered 3 times account locked.
So I phone them to shout and they say there's a problem with the system not to worry, I'll reset it for you. To verify your identity please answer your security question... No problem I say, what was my security question? And I **** you not she replied with:
Sir, you should remember what your security question was and it's answer, I now have to lock your card, please report to any branch to reactivate... If I wasn't laughing so hard I would've climbed through the phone and killed her.
