Citibank payment service said flawed

A computer security researcher says he has found several flaws in Citibank's online payment service The flaws could potentially expose customer account information and even enable a malicious criminal to move money out of a victim's A Citibank spokesperson said the company is "continuing to take all necessary steps to ensure our c2it site is effectively protected."

Computer security specialist Dave Devitry released details of the security problem on the popular Bugtraq mailing list late Monday. He told that the flaw — known in security circles as the "cross-site scripting vulnerability" — opened Citibank customers up to a myriad of problems.

"You could automatically transfer cash out of bank accounts and credit cards. You could also access account numbers and bank accounts," Devitry said. Attackers could also get lists of credit card numbers stored on servers. The card numbers included a secret 3-digit security code general printed on the back of the credit card, Devitry said. Generally, merchants are instructed not to store the security codes with the credit card numbers.

News source: MSNBC - Citibank payment service said flawed

Report a problem with article
Next Article

Windows Messenger Voice and Video

Previous Article

Microsoft .Net and C#

-1 Comments - Add comment