Fleet credit card web site flawed
Posted by configure on 08 December 2001 - 11:12 · no comments & 538 views
About the Author
Full name: Unknown
Forum name:
configure
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name:
configureContact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google
Fleet Credit Card Services, a division of FleetBoston Financial, was advised of the problem around 4 p.m. ET on Friday, according to customer Jonathan Bryce. He found the flaw while checking his account earlier in the day.
Bryce contacted MSNBC.com after the company failed to return his phone calls. A spokesperson for Fleet said he wasn’t able to immediately comment on the situation. At 4 a.m. ET, the company admitted a computer glitch on its Web site, but didn’t describe the nature of that problem. A note on the site said: “The issues we experienced earlier causing Cardmember Access to be down have been corrected. We apologize for any inconvenience this may have caused.”
The hole allowed site visitors to view records of transactions recorded at the site dating back to April of 2000. Many of the transactions are mundane address request changes or simple balance transfers that don’t reveal any private information. But others include much private information, including everything needed for identity theft.
It appeared that nearly 600,000 transaction records are exposed to the flaw.
Bryce, a Web developer for RackSpace Managed Hosting in San Antonio, found the bug at work “out of curiosity.” He said he generally likes Fleet and the company’s Web site because it offers great flexibility and allows him to maintain multiple accounts.
But he was frustrated by the bank’s lack of responsiveness to his call to report the problem.
“I’m a customer and I want this fixed ... everything I’ve ever done there is viewable by anyone right now,” Bryce said. “I spoke with three different people there, customer service types. One said the IT department was moving and they couldn’t get anyone to talk to me, maybe not until Monday.”
Early Saturday, Bryce said a company executive had talked with him and he was satisfied that Fleet was working to fix the problem.
Fleet Credit Card Services is headquartered north of Philadelphia in Horsham, Penn. Fleet provides consumer credit card, credit products and related services throughout the U.S. According to a recent company statement, the firm has over 9 million accounts and $15 billion in managed receivables, making it the ninth largest Visa/MasterCard issuer in the nation.
It is not immediately known how many of those cardholders use the mycard.fleet.com Web site to maintain their accounts.