Chase Bank, The Lowest-Security Bank Ever

by Jon Davis 14. August 2010 23:44

Just filed this complaint via Chase Bank’s “Secure Message Center”:

I am writing to complain about your service. Please note that this is not a request for assistance; I only ask that you pass this complaint along to authorities in your security department.

I recently received an e-mail asking for transaction confirmation. The text of the e-mail reads (in part):

"As part of our ongoing effort to protect your account and our relationship, we monitor your account for possible fraudulent activity. We have recently attempted to contact you by phone and/or text message but we have been unsuccessful in reaching you. We need to confirm that you or someone authorized to use your account made the following transaction on your Chase Visa account ending in .....

"Please click on one of the two statements below to indicate if this transaction was authorized:

"[Transaction Authorized]"
"[Transaction NOT Authorized]"

I am sorry, but you came *extremely* close to losing me as a customer due to this e-mail. The “Transaction Authorized” link redirects to a site at host profile.na.epidm.net. Who is profile.na.epidm.net? You already raised an alarm; you now have to be trustworthy, Chase. Authenticity is now required of YOU! When I navigated directly to http://epidm.net to validate the authenticity of this domain, Google Chrome showed me the Red Screen of Death, indicating that this site is NOT TRUSTED by Google and should NOT be trusted by me. (The reason for the mistrust by Google Chrome is that the HTTP response headers indicate that the server is login.ddc.dartmail.net.)

Since I had already clicked on the link, I scoured the web to see if there was any recourse. I found this:

http://blog.mir.net/2010/03/security-how-banks-are-hurting.html

... and realized that this appears to be a serious security knowledge failure by my own bank (you!), in the great intention but beyond-horrible execution of attempted security.

Clean this stuff up.

You guys should also NEVER suggest to an e-mail recipient that they simply click on a link to validate a transaction. That is exactly what scammers do. Instead, instruct your customers to type in the URL to chase.com and access the Message Center.

Please don’t scare me like this anymore. Clean up your act, Chase! Or you'll be losing me as a customer.

Jon

PS I'm blogging this complaint. This is not something that will just be tucked away in an "annoying feedback" file.

---

UPDATE: Yeah FYI they followed up within 24 hours with "please call our fraud department at XXX-XXX-XXXX". Typical form letter response from lazy or ignorant outsourced workers who refuse to act upon my request to forward my concerns as a complaint.


Tags:

Security


About the author

Jon Davis (aka "stimpy77") has been a programmer, developer, and consultant for web and Windows software solutions professionally since 1997, with experience ranging from OS and hardware support to DHTML programming to IIS/ASP web apps to Java network programming to Visual Basic applications to C# desktop apps.
 
Software in all forms is also his sole hobby, whether playing PC games or tinkering with programming them. "I was playing Defender on the Commodore 64," he reminisces, "when I decided at the age of 12 or so that I want to be a computer programmer when I grow up."

Jon was previously employed as a senior .NET developer at a very well-known Internet services company whom you're more likely than not to have directly done business with. However, this blog and all of jondavis.net have no affiliation with, and are not representative of, his former employer in any way.
