Title | Credit Union Sues Fintech Giant Fiserv Over Security Claims | |
Date | Thursday May 23 2019, @11:34AM | |
Author | Fnord666 | |
Topic | ||
from the see-no-evil-speak-no-evil dept. |
Submitted via IRC for AnonymousLuser
Credit Union Sues Fintech Giant Fiserv Over Security Claims
In late April 2019, Fiserv was sued by Bessemer System Federal Credit Union, a comparatively tiny financial institution with just $38 million in assets. Bessemer said it was moved by that story to launch its own investigation into Fiserv’s systems, and it found a startlingly simple flaw: Firsev’s platform would let anyone reset the online banking password for a customer just by knowing their account number and the last four digits of their Social Security number.
[...] Bessemer further alleges Fiserv’s systems had no checks in place to prevent automated attacks that might let thieves rapidly guess the last four digits of the customer’s SSN — such as limiting the number of times a user can submit a login request, or imposing a waiting period after a certain number of failed login attempts.
[...] Bessemer says instead of fixing these security problems and providing the requested assurances that information was being adequately safeguarded, Fiserv issued it a “notice of claims,” alleging the credit union’s security review of its own online banking system gave rise to civil and criminal claims.
The credit union says Fiserv demanded it not disclose information relating to the security review to any third parties, “including Fiserv’s other clients (who presumably were affected with the same security problems at their financial institutions) as well as media sources.”
Links |
printed from SoylentNews, Credit Union Sues Fintech Giant Fiserv Over Security Claims on 2024-04-24 20:31:13