I recently came across a serious banking security flaw with my bank. I have always used the bank's app on my mobile phone to access my accounts, which requires me to type in all of my details. I recently attempted to sign into the bank account through my computer and was confronted by an incorrect password error. Putting it down to just being a system error, I ignored it and continued to use the app.
Today, however, I attempted to log into my app, and my muscle reflex pressed the log in button just as I noticed that the last character I input was incorrect. Thinking this would simply give me an incorrect password error, I was surprised, deeply worried, and disappointed to see that my login was successful. I then logged out to make sure I had input it incorrectly, and yet again, using the same incorrect password, I was successfully logged in. I attempted all forms of my original correct password in different incorrect passwords and all have logged in successfully. I have not lost any money, but this is a serious flaw and I'm very disappointed with my bank's security for letting something so simple get past.
I have not yet contacted my bank about the flaw or whether my password is incorrect or not, as I was wondering if I should bring in some form of legal attention under Australian law to the flaw.
Thank you for reading, and I appreciate any information or constructive criticism. This is my first post, so please be understanding.