Exactly. Not that serious in itself, but how many other things are they getting wrong that you can't see?I usually consider my self pretty understanding on stuff and give the benefit of the doubt. But, I'd agree that this is a very significant slip up. Almost to the point where it couldn't possibly be a slip up. If even the basic security tools were being used then this would have been flagged and or blocked. Which would mean someone would have to acknowledge and sign off on this being part of the design so it could go through. Or, none of that is being used and there truly is lax oversight. Neither is good. It's been over a decade since stuff like this was phased out for all but the most trivial of apps.
This is exactly my concern. I understand the username alone doesn't give someone access to my accounts, but given this is the bank's NEW homegrown online banking system, it leaves me wondering what else they haven't done up to today's security standards.
I'd be dropping the bank as soon as possible.
Statistics: Posted by telemark — Mon Nov 10, 2025 10:25 pm — Replies 27 — Views 1800