Does Your Bank or Credit Union Use Fiserv? If so, Your Financial Info May be at Risk.

Updated: Sep 5, 2018

If you're one of the 1700+ banks or credit unions currently using Fiserv, or are a customer of one, a flaw in the company's web platform may have exposed your personal and financial information to the masses.


The flaw was first recognized by Kristian Erik Hermansen when he received an email alert indicating a new transaction had posted to his own bank account. Noticing that the alert was assigned a specific "event number", Hermansen hypothesized that the event numbers for similar transactions would be assigned sequentially. He requested the same page again, but first edited the site’s code in his browser so that his event number was decremented by one digit. This edit allowed him to view and edit alerts created by other customers, as well as each customer's email address, phone number and full bank account number.


I shouldn’t be able to see this data. Anytime you spend money, that should be a private transaction between you and your bank, not available for everyone else to see.

- Kristian Erik Hermansen
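
The behavior described above is what results when a server returns a record by its client-supplied number without checking who owns it. As an added illustration (not Fiserv's code; every function name, field and sample record here is hypothetical), the Python below puts that pattern beside a lookup that ties each alert to the authenticated session and records denied requests so repeated misses can be alerted on.

```python
# Added illustration; not Fiserv's code. All names and records are constructed.
from collections import Counter
from dataclasses import dataclass

class AlertNotFound(Exception):
    """Raised for missing AND foreign alerts, so replies do not reveal which IDs exist."""

@dataclass(frozen=True)
class Alert:
    event_id: int
    owner: str            # customer the alert belongs to
    email: str
    account_number: str

# Constructed sample data with sequential event numbers, as the article describes.
ALERTS = {a.event_id: a for a in (
    Alert(1000, "customer-a", "a@example.test", "000111"),
    Alert(1001, "customer-b", "b@example.test", "000222"),
)}

def get_alert_unchecked(session_user: str, event_id: int) -> Alert:
    """Flawed pattern: any logged-in user receives whatever ID the request names."""
    if event_id not in ALERTS:
        raise AlertNotFound(event_id)
    return ALERTS[event_id]

def get_alert_checked(session_user: str, event_id: int, denied: list) -> Alert:
    """Hardened pattern: the record's owner must match the authenticated session."""
    alert = ALERTS.get(event_id)
    if alert is None or alert.owner != session_user:
        # Keep a trail of refused lookups for monitoring.
        denied.append((session_user, event_id))
        raise AlertNotFound(event_id)
    return alert

def flag_probing(denied: list, threshold: int = 3) -> set:
    """Users with at least `threshold` refused lookups, a cue to investigate."""
    counts = Counter(user for user, _ in denied)
    return {user for user, n in counts.items() if n >= threshold}
```

The ownership check is the fix; making event numbers hard to guess would only hide the missing check.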


After Fiserv was notified of the security weakness, a company spokesperson gave the following response to KrebsOnSecurity: "...we promptly engaged appropriate resources and worked around the clock to research and remediate the situation. We developed a security patch within 24 hours of receiving notification and deployed the patch to clients that utilize a hosted version of the solution. We will be deploying the patch this evening to clients that utilize an in-house version of the solution."


For more info on the issue, and on KrebsOnSecurity's own research into and testing of the security flaw, check out the original story.


#Cybersecurity #Hacking #Security #Banking #InfoSecurity #Finance #Fiserv #KnowYourRysk #ReduceYourRysk


© 2018 by The Rysk Group