<http://www.guardian.co.uk/print/0,3858,5059129-103676,00.html> Guardian | Morgan Stanley website breach Rupert Jones Wednesday November 10, 2004 The Guardian A credit card company with more than 1 million customers has closed an online security loophole that could have allowed people to access account holders' details and move money about. Yesterday it emerged that the Morgan Stanley website had allowed users to access their credit card information after entering just the first digit of their credit card number. The incident comes four days after internet bank Cahoot closed down its website for 10 hours following a tip-off that users could view other customers' private details. Cyber crime experts said banks and other companies must take more responsibility for providing their online customers with security or run the risk that people will steer clear of these services. Morgan Stanley had permitted customers to let their PC "remember" their password so they only had to enter the first digit of their card number before the "autocomplete" facility provided the rest. This meant that someone using the same computer could potentially access another's accounts. The Association for Payment Clearing Services (Apacs) recommends that companies disable the auto function to remove the risk of this happening. The problem was reported to Morgan Stanley by the BBC after a viewer contacted a programme about the flaw. A Morgan Stanley spokeswoman said it had "taken immediate steps to turn off the auto function to ensure there are no possible security issues". "Morgan Stanley has received no customer complaints or calls on this issue to date, and to our knowledge no accounts have been accessed improperly," she said. But Philippsohn Crawfords Berwald, a city law firm, said the loophole "potentially enabled users to shift money across accounts with incredible ease". -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
participants (1)
-
R.A. Hettinga