We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
How secure is RBS Secure?
ChapelGirl
Posts: 137 Forumite
in Credit cards
I have just been the victim of a Cardholder Not Present fraud. I realised something was wrong because I got an email telling me I had changed my RBS Secure password, which I knew I hadn't, so I got onto them and my bank right away.
I was absolutely stunned to discover how weak the security is for the RBS Secure service. If the fraudster has your card details and is able to find out your date of birth they can reset your password and complete the transaction there and then! There are no further checks made.
Given that only yesterday an online jobsite admitted to losing the personal details of 4.5 million people, including their dates of birth, I would say that this is an awful system. Also, once someone has got your DOB they have it forever. You can change a password but you cannot change your birth date!
I rarely use that particular card online except for the Dartford crossing, which uses RBS Secure, so I suspect one or the other organisation to be the source of the security leak, but of course I have no proof.
You have been warned!
I was absolutely stunned to discover how weak the security is for the RBS Secure service. If the fraudster has your card details and is able to find out your date of birth they can reset your password and complete the transaction there and then! There are no further checks made.
Given that only yesterday an online jobsite admitted to losing the personal details of 4.5 million people, including their dates of birth, I would say that this is an awful system. Also, once someone has got your DOB they have it forever. You can change a password but you cannot change your birth date!
I rarely use that particular card online except for the Dartford crossing, which uses RBS Secure, so I suspect one or the other organisation to be the source of the security leak, but of course I have no proof.
You have been warned!
0
Comments
-
ChapelGirl,
I know this is a late post, but I have been the victim of Cardholder Not Present Fraud twice and I had the same thing happen to me. I received emails in both cases from RBS SecureCard alerting me that my password had been changed.
I puzzled with it for a long time until I think I may have discovered the answer.
Online sites that have been used for shopping are having a real problem with security, and many sites are being 'hacked' and card details stolen. TJ Maxx had that problem, and now two card processing centers in the USA have been victims of hacking and stolen card details.
I was making the mistake of using the same password for the online shopping site that I used with the RBS SecureCode. A stupid mistake on my part, but one that I won't make again.
Consequently, if the website got hacked and information stolen, they also had the password that I used to log into the website. It only took a few minutes for the hackers to try that same password and bypass the SecureCode security.
This is only a theory, but something that I have now changed. My SecureCode password is now different from the password that I use to log into internet shopping sites.
Maybe someone else could shed more light on the problem?0 -
This wasn't the case for me. I was using a different password for the RBS site. However, I did read that the RBS's American company WorldPay has been compromised several times already, so I would not necessarily blame the retailer.I was making the mistake of using the same password for the online shopping site that I used with the RBS SecureCode.
http://www.thetechherald.com/article.php/200910/3095/RBS-WorldPay-has-yet-to-address-rumors-are-they-the-third-breach
Also, the last time I used RBS Secure I noticed that when I typed the first letter of each data field (cardholder name, address, credit card number etc.) it auto-filled the rest, so I am now wondering where this data is stored, what level of encryption is used and how vulnerable it is. I tried asking my bank, which is a subsidiary of RBS, but they said it was nothing to do with them and they could not help.0 -
ChapelGirl wrote: »This wasn't the case for me. I was using a different password for the RBS site. However, I did read that the RBS's American company WorldPay has been compromised several times already, so I would not necessarily blame the retailer.
http://www.thetechherald.com/article.php/200910/3095/RBS-WorldPay-has-yet-to-address-rumors-are-they-the-third-breach
Also, the last time I used RBS Secure I noticed that when I typed the first letter of each data field (cardholder name, address, credit card number etc.) it auto-filled the rest, so I am now wondering where this data is stored, what level of encryption is used and how vulnerable it is. I tried asking my bank, which is a subsidiary of RBS, but they said it was nothing to do with them and they could not help.
I would expect the data to autofill is being stored by your browser like it does other passwords. I'm not sure why it's letting you as it's never given me the option on secure sites.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.4K Banking & Borrowing
- 254.1K Reduce Debt & Boost Income
- 455K Spending & Discounts
- 246.5K Work, Benefits & Business
- 602.8K Mortgages, Homes & Bills
- 178K Life & Family
- 260.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards