Comment Tracking Services an Online Banking Security Concern?
As I noted the other day, we’re changing our reward credit card strategy, in part due to perceived inflexibility on Citi’s part when it comes to making automated payments. It turns out that I may have been wrong about what you can and cannot do, so I just hopped on over to the Citi website to request the enrollment kit for the Autopay service. While I was there, I ran across the following message:
Please note: Customers using comment or blog tracking services on their computers run the risk that information submitted here could be displayed on those websites. Please disable your comment and blog tracking service before using the Citi Cards Message Center.
I’m assuming that they’re talking here about services like coComment, which allows you to track your conversations (primarily weblog comments) across websites. I’ve never used any of these services, but it seems like this could be a relatively major security hole if using them does indeed result in things like supposedly secure conversations with your bank being slurped up and deposited on a third-party site.
As an aside, there’s no need to use these sorts of services to keep track of conversations here at FiveCentNickel… Rather, simply check the box labeled:
“Notify me of followup comments via e-mail”
before submitting your comment and you’re good to go (and you can cancel these notifications at any time).
Published on November 28th, 2007 - 3 Comments
Filed under: Banking, Credit Cards, Online
email this post
- digg this - stumble it - save to del.icio.us
Related articles...
» One Year Ago This Week (October 22nd - October 28th)» Online Financial Statements
» Online Banking Poll Results
» Improved Security for Online Banking
» Online Banking Explosion
» Money Poll #7: Online Banking
» Money Poll #10 (Checkbook Balancing) Results
» HSBC Direct Adds (More) Annoying Security Features
Get via RSS
That’s a pretty big security glitch, especially if they’re public….
Comment by Mrs. Micah — Nov 28th 2007 @ 12:45 pmIt amazes me that something like that would be allowed to happen - do coComment and the like track comments in forms secured with SSL, which I presume Citi would be using for sending them messages.
I’m a little unclear how the comment trackers work, but I’d be surprised if they did track such messages.
Comment by Rob Lewis — Nov 28th 2007 @ 6:29 pmThat’s a bit worrying why don’t they disable the feature on their site like ING Direct and Commerce Bank.
Comment by used vans girl — Nov 29th 2007 @ 11:00 am