Is Discover Card security up to the task?
I recently changed my Discover Card user name for added security and they sent the new username by email (yes, that's right). How do they know that my email account had not been compromised and this was the reason for changing it in the first place? Further, now I would need to CHANGE IT AGAIN (or maybe risk more trouble) and very quickly download from the server after having changed the email password (since that was the compromised account). Clearly, if you don't know the username you certainly can't log on to an account even with the right password (which I must also change again). That email sat on my server for near 20 hours before I retrieved it since I'm not expecting secure info to be TYPED directly in an email from a bank. NO OTHER BANK DOES THIS!!! Not even my tiny little local hometown middle of the freakin woods bank. IDIOTS!!! Other things I have noticed are that they have no sign-in key like other banks and I never get security questions when I clear my browser data (in RAM). No forced password entry on page changes (very dangerous if you're dumb enough to log in to Discover at Starbucks or the local library, which I see people doing all the time). All this adds up to problems for Discover. I think they have other issues as well but can't comment on those. Luckily hackers don't seem to target banks so much as this is considered an international crime which would probably have support and international cooperation to catch them. Now that my info is secure I'm challenging the White Hat Hackers to hack their site to force them to get off their arses and UPDATE THEIR SECURITY! Maybe Kevin Mitnick can social engineer his way in just to show them what's up. Discover, your time is gonna come!
- Anonymous, 9 years ago, Favorite Answer
It's a sad state of affairs, but in some ways you are right: it often takes a dramatic event to shake up the lazy azzes that are working 'security' on websites, especially commerce-oriented ones.
Since there are so many millions of Windows/Mac users who are completely oblivious to the inner workings of TCP/IP and all it implies, it should fall on those who offer commerce over the Internet to pick up the gauntlet and assure (as much as is within their power) users are 'safe' (granted, a fictional 'static' state, but more of a moving target).
I would argue with your presumption "Luckily hackers don't seem to target banks so much as this is considered an international crime...".
To the contrary; it is huge, yet the bankers won't admit it to their customers because they want the low cost service of non-human interaction to boost profits, and move up from their lowly Mercedes to a Bentley.
(See this article: An agency of the European Union says “Assume all PCs are infected.” https://krebsonsecurity.com/2012/07/eu-to-banks-as... or other articles about the Zeus Trojan from Krebs.)
If Windows/Mac/Linux users aren't scared about this huge gap in what's being done with/to their info, they don't know enough.
PS: If the Discover Card [or any site for that matter] can send you your password (from a "Forgot password" link) and it comes back exactly what you have established, that means they store it in plaintext... but I can't believe they would be that ignorant... (but who the hell knows?).
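
An added example, not part of the question or the answer above, illustrating the PS: a site that keeps only a salted one-way hash has nothing to mail back, so its "Forgot password" flow issues a short-lived, single-use reset token instead. All function names, the in-memory dict stores and the 15-minute lifetime are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def hash_password(password: str) -> dict:
    """Return the only thing the server stores: a random salt and a slow hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "digest": digest}

def verify_password(record: dict, candidate: str) -> bool:
    """Re-derive the hash from the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), record["salt"], PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(digest, record["digest"])

def _token_hash(token: str) -> bytes:
    # The token is 256 bits of randomness, so a fast hash is enough here.
    return hashlib.sha256(token.encode()).digest()

def issue_reset_token(resets: dict, user: str, ttl: float = 900, now=None) -> str:
    """Create a reset token; the server keeps only its hash and an expiry time."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    resets[user] = (_token_hash(token), now + ttl)
    return token  # this value goes in the e-mail, never the password itself

def redeem_reset_token(resets, users, user, token, new_password, now=None) -> bool:
    """Set a new password if the token matches, is unexpired and is unused."""
    now = time.time() if now is None else now
    entry = resets.get(user)
    if entry is None:
        return False
    stored_hash, expires = entry
    if not hmac.compare_digest(stored_hash, _token_hash(token)):
        return False  # wrong token: leave the pending one in place
    del resets[user]  # single use, whether or not it has expired
    if now > expires:
        return False
    users[user] = hash_password(new_password)
    return True
```

A leaked copy of the `users` store yields salts and digests only, and an intercepted reset e-mail is useless once the token has been redeemed or has expired.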