UBL wiz visa card Internet application insecure

Abdussamad.com

Home
Serendipity Templates
Web development
Contact

UBL wiz visa card Internet application insecure

United Bank Ltd. sells these prepaid visa cards called wiz. One of best features of these cards is that you can use them online. But before you can do that you have to send a signed Internet application form. You can send it via email, fax or postal mail.

But the email method of submission is very insecure.

Now the form has to contain your card number and your signature. So you have to download it, scan it and email it to them. The problem arises when it comes to the security of that email message. You have to send that email to them in unencrypted form! The reason being that they provide no PGP key for you to encrypt it. I emailed them asking for one but got no response!

But its not just the internet application form. One of the features of a wiz card is the option to receive an account statement via email. This is actually an essential feature because its the only way to get an account statement short of going to an ATM. Unfortunately this e-statement also includes your full debit card number in plain text!

Anyone can intercept these emails and it will reveal your debit card number. The hacker can then use that number to shop online at your expense!

Ironically when you visit UBL's site you are redirected to a secure HTTPS version. But when it comes to sending debit card numbers they have no encryption system in place like PGP.

Looks like these guys have a lot to learn about IT security.

٢١ ذو القعدة ١٤٣٠
08 Nov 2009
Comments (5)
Comments

Hassan
1
*The debit card number alone won't do any good.
Sunday, November 15. 2009 -
٢٨ ذو القعدة ١٤٣٠
Reply
Abdussamad Abdurrazzaq
1.1
*Yeah your right. They also need the expiry date and they have to know when your card is activated for online use. But its still better to be safe than sorry.
Monday, November 16. 2009 -
٢٩ ذو القعدة ١٤٣٠
Reply
Abd-ul-qadir
2
*activate my wizz card
Wednesday, July 7. 2010 -
٢٦ رجب ١٤٣١
Reply
Abdussamad Abdurrazzaq
2.1
*This is not UBL's site. I am not affiliated with them in anyway. IMO UBL should not activate your card because you don't appear to be very smart at all.
Friday, July 9. 2010 -
٢٨ رجب ١٤٣١
Reply
farooq
3
*UBL PAKISTAN is third class Bank . Bakwas Bank hei . WIZ Take 30 days or more to be activated .
Tuesday, August 3. 2010 -
٢٣ شعبان ١٤٣١
Reply

Add Comment


Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated bots from comment spamming, please enter the letters or numbers you see in the image below in the appropriate input box.
CAPTCHA




RSS feed
animated rss feed icon
Categories
Quicksearch
Links
My other blogs

Website Themes

Powered by
Serendipity PHP Weblog
© 2006-2010 Abdussamad's blogspace -  Privacy policy  - Contact