PC financial security issue 2016-April | Simplii Financial | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
PC financial security issue 2016-April
April 21, 2016
6:17 pm
jagga
Newbie
Members
Forum Posts: 2
Member Since:
June 25, 2014
sp_UserOfflineSmall Offline

PC financial has several security issues.

1) their banking web site does not use EV certified login in. See Tangerine web site as en example. Note the green lock and name (https://www.tangerine.ca/en/index.html) for Tangerine and compare it to PCF.

2) PCF allows phone banking which has the function of resetting your online banking password. Rwo separate systems should not allow another system to reset another in this case phone banking resetting Online banking.

3) I have had omoen access my account which I was able to determine by the last log on date displayed with online banking. I have asked PCF if they can provide me with the IP address that last accessed my account for a specified date and the first supervisor told me no. I have attempted to raise this issue.

April 21, 2016
6:46 pm
Schrodinger's Ape
Member
Members
Forum Posts: 49
Member Since:
April 12, 2016
sp_UserOfflineSmall Offline

jagga said 3) I have had omoen access my account which I was able to determine by the last log on date displayed with online banking. I have asked PCF if they can provide me with the IP address that last accessed my account for a specified date and the first supervisor told me no. I have attempted to raise this issue.

Thanks for the heads-up!

If there was a login that wasn't you, and PCF isn't reacting, you can report it to The Canadian Anti-Fraud Centre.

http://www.antifraudcentre-cen.....ex-eng.htm

April 21, 2016
8:44 pm
Norman1
Member
Members
Forum Posts: 7138
Member Since:
April 6, 2013
sp_UserOfflineSmall Offline

jagga said

1) their banking web site does not use EV certified login in. See Tangerine web site as en example. Note the green lock and name (https://www.tangerine.ca/en/index.html) for Tangerine and compare it to PCF.

That has to do with the SSL certificate and does not reflect the security of the site.

There's not much difference between an Extended Validation SSL certificate, that triggers the green indicators, and an Organization Validation SSL certificate, that does not trigger the green indicators. In both cases, the issuer of the certificate checks the identity of certificate requester and puts the name of the requestor in the certificate.

There's a cheaper kind of certificate called a Domain Validation certificate that only checks for the requester's control of the domain and not the requester's identity. Such certificates have the domain name but no name of the requester in the certificate.

The PC Financial online banking site uses an Organization Validation certificate. The verified identity of the requester is in the certificate:

CN = www.txn.banking.pcfinancial.ca
OU = DT:OAM:PROD:WEB:Akamai
O = Loblaw Companies LTD
L = Brampton
S = Ontario
C = CA

Please write your comments in the forum.