Internet Banking Security

I have just spoken to Standard Bank helpdesk who couldn't help me and i was passed onto a "TEAM LEADER". The team leader told me that he would pass the information onto the internet security division and they would call me back. After about 30mins they called back to say that followed up on the forum and are currenlty investigating the truth to the exploit. Only once a thorugh investigation has been done will they be able to comment (but not on the forum.) The guy i spoke to said that they have had dealings with PaulCam before and have shut him down, WHAT DOES THAT MEAN PAUL? I was also told that they keep their anti-virus software up2date and i shouldn't worry (what the hell does virus software have to do with a security hole???). I was also told that if my account is somehow tampered with i will only be covered if i can prove that i was not neglegant, so i said but if through this exploit my account was accessed how would i prove that you were to blame, all i got was errrrr, we will investigate, so i have to leave it in their hands to tell me i was to blame. And hence never see my so called securely protected money again.... :-(
 
Simple, dont use internet do not trust it. I use Telkom cybertrade dial in and connect to standard via this secure server or via a VPN link only if it has to be over the internet.
 
Banks Responses

It seems that both banks are now aware of the situation.

I am interested in the fact that I have been shutdown. Yes, indeed, I have had discussions at 3 times in the past with the Standard Bank. The first time was related to "Red Button" exploit on their NT web server. They eventually fixed that after denying it for a long time.

The second one was a problem with IE that could be exploited by a MitM. The guy I spoke to was very helpful, but it was a browser problem so they couldnt fix it. But they could have notified customers, which they didnt do.

The third time, I even met with them and explained the problem. They thanked me for my time, and said they would look into it.

I dont ever remember being "shutdown" - perhaps they left off the "-h", so I am still in single-user mode :) If the banks are so confident, and they are aware of this thread, why dont they post something here?
 
Ignorance is bliss.
However, it pisses me off no end that they don't take things like this seriously. I'm with Standard Bank, and this sort of thing definately doesn't inspire customers happyness.

So, SB, if you are watchin this thread... make something happen soon, or else i'm sure someone, without the good intentions that paulcam has, will make something else happen.

Cheers, Nick
 
I see that Standard Bank does have a sms notification system for when you log into the internet banking part of the website. It is under the My notification link.
Cheers, Nick
 
Thanks for all the comments.

At this stage, I have spoken to the FNB helpdesk, who assure me that there is no truth in this matter.

I have also spoken to someone who has spoken to Standard Bank. They are also aware of the posting. I have also communicated all the details which I am about to post with Standard Bank in the past, but they didnt react to it.

Neither Bank has responded to this thread, nor have they contacted me. I have accounts with both banks, and have received calls from both banks in the past, so they are aware of who I am.

I have been advised not post a step-by-step guide, so I will rather post description of the relevant issues, and the possible shortcomings of the security. I will start a new thread to cover this discussion. Then you can decide for yourself.

Remember: Practice safe Hex and avoid computer viruses today!
 
Standard Bank Internet Banking appears to have been changed to use secure Cookies. This has resolved the problem.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X