Punjab National Bank - Not safe website!!!

mikey72

Now, India, Nigeria, or Cyprus?
Who's going to be best for everything I have worked 30 years for?

D1zzy

mikey72 wrote: »

Now, India, Nigeria, or Cyprus?
Who's going to be best for everything I have worked 30 years for?

Well I did try ICICI (in the good old days) - no problems , but I couldn't understand the accents and the "uber" politeness drove me nuts, so it was a relief to escape. Never say never, but it would need to be a very very VERY good rate to get me back there.

mr_fishbulb

Peelerfart wrote: »

I'm sure it does and if you're prepared to risk it then,as I've said good luck.

Remember the fuss with Icesave ? , course you do.

Errrr, remember the fuss with Northern Rock?

OneADay

D1zzy wrote: »

I think I would have more concerns about the Nigerians than the Punjabis - something to do with all those nice invites I get offering to give me money for the use of my bank account :rolleyes:

I did think Firstsave about it for over a week before applying. Basically had the option to stick 20k into 2 year halifax bond paying 4.25% or split half and half between halifax 2 years and firstsave for 1 year (and hence reduce my support for the government bank ).

I wont be putting any more into firstsave - aim is to get the money back in a year and hopefully better rates in uk banks by then.

Guess the standard UK banks are not interested in savers.

poppy10_2

LOL, what a bunch of jokers. Their website looks like a 1997 Geocities page. The lack of security on the site is appalling, they expect you to enter all your personal details on a site that does not provide even the most basic of web security. God only knows what will happen to your information once they store it.

Incidentally on the financial side of things the bank isn't that secure either - it has a credit rating of BAA3 for bank deposits and D- (I didn't know the ratings went that low) for Bank Financial Strength.

Seriously, why risk your money in such a fishy bank just for the sake of an extra 0.5%?

alanq

It is worse than so far stated. I went to have a look at the pnb website and Norton Internet Security reported an attempt to install a Trojan on my computer.

poppy10_2

alanq wrote: »

It is worse than so far stated. I went to have a look at the pnb website and Norton Internet Security reported an attempt to install a Trojan on my computer.

OMG - I thought you were joking, but you're right.
I just used Internet Explorer (for the first time in about 5 years) and on trying to enter the PNB website, Avast popped up a trojan warning. I hadn't clicked anything on the website, it was a complete drive-by download as soon as I tried to enter the site





Scary stuff. :eek::eek::eek:

Yet another reason never to use IE (this was the latest IE8 version, fully patched and updated via Windows Update. I feel so dirty now, gonna have to do a System Restore to ensure no nasties have been left behind on my system. :mad:

Martin/moderators please remove this bank from the list of recommendations until they have sorted out their security!

alanq

I was using Firefox with Noscript add-on so I don't know if any damage would have been done if Norton hadn't intervened.

I had thought that there was a chance that this was a false positive but if two security programs are of the same opinion that is looking less likely. Who'd have thought one could get a trojan from visiting the website of an approved bank merely by viewing its home page.

D1zzy

Just in case any of you visited the site and are concerned because you did not get a warning The UK bank is WWW. PNBINT.COM - and that appears to be clean, as opposed to PNBINDIA.com

moneysaver_joe

mr_fishbulb wrote: »

Sometimes the page itself is not https but the POST (when you send all the details on the form to the server) is. That way all the information sent to the server is SSL protected.

But doesn't look like this happens in this case. Insecure web design - if they miss this basic principal, makes you wonder what else they have missed.

The initial page should be over SSL, not just the POST request. Otherwise an attacker can still modify the normal page with no warning. This means the form action could be changed and cookies read etc. Its a common mistake (moneysavingexpert makes it) and not a huge threat, but banks should know better.

Cheers,