Submission: Bank Card Company violates their own rules
FnH writes: "Bank Card Company, the Belgian branch of Atos Worldline, the European leader in the processing of high-volume electronic transactions, violates basic security guidelines.
They are advertising for a contest where, in order to sign up, you have to input your personal information and credit card number into a Flash application on an unsecured web page. This might be excused if the Flash application sent the data back over a secure channel, but this isn't the case. A quick capture using Wireshark reveals that the data is sent back using a SOAP call over an unsecured HTTP connection.
One would hope that the flashy registration wizard ends with a loud WAV berating the user for inputting such confidential data into a website without checking for the padlock or colored address bar, but alas.
How do they expect mom and dad to learn to shop safely on the internet when they are setting such a bad example themselves?"