Fiserv, a financial services technology provider, recently came under scrutiny for a potential vulnerability in a one-way messaging feature used on a number of bank websites.
The details of the incident came to light when security researcher Kristian Erik Hermansen informed Fiserv that he had discovered unusual activity while logged into his account at a local bank that uses Fiserv’s platform. He stated that a security flaw in Fiserv’s technology platform allowed anyone to view customers’ email addresses, phone numbers, and full bank account numbers. This would allow cyber criminals to spy on the daily transaction activity of customers and exploit the data for personal gain, according to Hermansen.
“I shouldn’t be able to see this data,” Hermansen said. “Anytime you spend money that should be a private transaction between you and your bank, not available for everyone else to see.”
Fiserv’s cybersecurity platform enables financial institutions to address specific issues ranging from threat detection, response, and remediation to regulatory compliance and reporting. The company clarified to CISO MAG that it has not “received reports of any adverse consumer impact.”
“To provide context on the recent blog post, which related to a one-way messaging feature in a limited number of bank websites, our ongoing research and continued monitoring have not identified, and we have not received reports of, any adverse consumer impact,” said a spokesperson from Fiserv. “We promptly developed a patch to update the feature, deployed the patch to clients using the feature and completed testing to confirm the patch resolves the issue. Fiserv recognizes the importance of security and takes any security concern seriously.”
Fiserv recently joined hands with cybersecurity firm BlueVoyant to develop a security platform that helps financial institutions fight cybercrime. The strategic alliance between Fiserv and BlueVoyant develops an integrated combination of endpoint monitoring, extensive threat intelligence, and behavioral analytics to offer real-time response and automated remediation of any suspicious activity.
*This story was updated after Fiserv’s clarification.