There are far too many local to mid-size banks that have a shocking lack of security. Logins without HTTPS, banks using ancient transfer protocols, web sites that can recover your full password in plaintext.
My old mortgage company had a bug where if you hit the Login button twice, it would redirect to a GET request with my password on the query string. Good thing I was re-financing away to some other company that actually gave a shit.
Even with all of the security standards out there, like PCI, NIST 800-53, SOX, FedRAMP, etc., there is not enough enforcement to punish these fucking lazy assholes for leaking data like this. Even in the larger sectors, it’s just a constant pattern of buying out more shitty banks with different platforms and policies, until you have this mess of mismatched everything that can’t be unified into sane standards.
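The double-submit bug described in the comment above (a second click on Login re-dispatching the form as a GET with the password in the query string) comes down to two missing guards: the client never prevents a second submission, and the server accepts credentials no matter how they arrive. The block below is an added example, not code from the commenter or from any bank's site. It models that scenario in plain JavaScript with a constructed form and a constructed sensitive-parameter list; the function names, the `bank.example` base URL and the sample fields `alice` / `hunter2` are assumptions for illustration.

```javascript
// Added example: guards against the "second click turns the login into a GET
// with the password in the URL" failure. Nothing here is from the original
// comment; names, parameter list and sample data are assumptions.

// Query-string parameter names that must never carry secret material.
// Constructed list; extend it to match the real login form's field names.
const SENSITIVE_PARAMS = ['password', 'passwd', 'pass', 'pwd', 'pin', 'otp'];

// Server-side check: returns the names of sensitive parameters found in the
// URL query (empty array means the URL is clean). Independent of the HTTP
// method, because a GET with a password in it ends up in access logs, proxy
// logs and browser history no matter what the handler does with it.
function credentialsInUrl(rawUrl, base = 'https://bank.example') {
  const url = new URL(rawUrl, base);
  const found = [];
  for (const name of url.searchParams.keys()) {
    if (SENSITIVE_PARAMS.includes(name.toLowerCase())) found.push(name);
  }
  return found;
}

// Server-side gate for the login route: POST only, and the URL must not carry
// credentials. Body parsing (where the password is supposed to be) is out of
// scope for this example.
function loginRequestAllowed(method, rawUrl) {
  if (method !== 'POST') return false;
  return credentialsInUrl(rawUrl).length === 0;
}

// Client-side guard: allows exactly one submission until reset() is called
// (e.g. after the server answers with an error). A second click while the
// first request is in flight is swallowed instead of re-dispatching the form.
function createSubmitGuard() {
  let inFlight = false;
  return {
    trySubmit() {
      if (inFlight) return false;
      inFlight = true;
      return true;
    },
    reset() { inFlight = false; },
  };
}

// Simulates two rapid clicks on Login. Models the buggy behaviour the comment
// describes: the first click POSTs correctly, the second falls through to a
// GET with the form fields serialised into the query string. Returns the list
// of requests the server would see, with or without the client-side guard.
function simulateDoubleClick(useGuard) {
  const fields = { username: 'alice', password: 'hunter2' }; // constructed sample
  const guard = createSubmitGuard();
  const requests = [];
  for (let click = 0; click < 2; click++) {
    if (useGuard && !guard.trySubmit()) continue;
    if (click === 0) {
      requests.push({ method: 'POST', url: '/login' });
    } else {
      // Buggy fallback path: form re-submitted with method=GET.
      const qs = new URLSearchParams(fields).toString();
      requests.push({ method: 'GET', url: `/login?${qs}` });
    }
  }
  return requests;
}

// Stand-alone demo: show what reaches the server in both cases and whether the
// server-side gate would have rejected the leaky request.
for (const useGuard of [false, true]) {
  for (const req of simulateDoubleClick(useGuard)) {
    console.log(
      `guard=${useGuard} ${req.method} ${req.url} -> ` +
      (loginRequestAllowed(req.method, req.url) ? 'allowed' : 'rejected')
    );
  }
}
```

The server-side gate is the one that matters: even with a correct client, a misconfigured reverse proxy or a copy-pasted bookmarklet can still put secrets in the URL, and rejecting them at the route is the only place that check cannot be bypassed. The client-side guard exists to stop the legitimate double click from ever producing that request in the first place.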