• P03 Locke@lemmy.dbzer0.com
    10 months ago

    There are far too many local to mid-size banks that have a shocking lack of security. Logins without HTTPS, banks using ancient transfer protocols, web sites that can recover your full password in plaintext.

    My old mortgage company had a bug where if you hit the Login button twice, it would redirect to a GET request with my password on the query string. Good thing I was re-financing away to some other company that actually gave a shit.

    Even with all of the security standards out there, like PCI, NIST 800-53, SOX, FedRAMP, etc., there is not enough enforcement to punish these fucking lazy assholes from leaking data like this. Even in the larger sectors, it’s just a constant pattern of buying out more shitty banks with different platforms and policies, until you have this mess of mismatched everything that can’t be unified into sane standards.