FNB website exposed private information

First National Bank’s online card tracking facility exposed the names, ID numbers, phone numbers, and delivery addresses of clients to anyone who knows what the reference number for the tracking service looks like.

These reference numbers are sequential, so if you know one it is very easy to guess others and, in that way, see the personal information of other FNB clients who got credit, cheque, and other cards with an expiry date from the bank.

MyBroadband was alerted to the issue by a concerned reader who said they reported the issue to FNB in July, but had received no feedback on their complaint.

Queried about the issue, FNB said that its card tracking facility was implemented to give customers the ease of tracking their card delivery without having to phone a contact centre.

“The facility is, in essence, the tracking service of the courier company on the FNB portal but the card can only be tracked with the reference number, issued to the customer by the courier company via SMS,” said Marcel Klaassen, head of growth at FNB Business.

Within a day of being contacted for comment on the issue, FNB said it had disabled the card tracking feature on its site until it could implement changes.

“Whilst we have not received complaints until this point and the details are only available to the individual [who reported the issue to MyBroadband], FNB is committed to ensuring that customers are comfortable with the facility,” Klaassen said.

Klaassen added that to ensure customers are comfortable, FNB has requested that all personal information be removed from the tracking portal.

“Please note that this service will be updated with these changes and until such time that the process is complete the facility has been disabled,” Klaasen said.

Beware of this banking scam in SA: Sabric

Bash bug shock – what should you do?

Jamming devices worth R200,000 recovered

Did SA government blow €2-million on spyware?

Mass hacking of South African websites

Latest news

Partner Content

Show comments

Recommended

Share this article
FNB website exposed private information