The owner of a service centre for Apple devices in the capital has run into an unusual problem. Two years ago he closed the company's account at Tinkoff Bank, but then opened a new one. It turned out that almost all the former employees who had once used the old account gained access to the money.
The man wrote about the problem on Twitter, mentioning Tinkoff Bank in the message.
As proof, the owner posted a screenshot of his correspondence with former employees who still had access to the company’s funds. One of them could log in with his old password, although his former boss had set a new one when opening the account. Another suddenly started receiving SMS notifications of all transactions on the account. A third, the entrepreneur told “360”, successfully topped up his own account with company money at the owner's request, as an experiment.
“I asked him to create a payment to check whether he could use the account,” said the businessman.
Social network users discussing the problem agreed that the case is a security “failure”.
“This is not a fucking “security incident”, it is a failure. Use the same auth token. The cart — and that’s safer. But always transit can be blamed on an unidentified person,” wrote the user Mingəçevir (100+).
The problem, according to the victim, lies in the fact that “the organization was the same, the application was not removed from the iPhone, and it automatically began to work with a new account.” Tinkoff Bank support asked the businessman to provide personal information, but the man doubted that this was safe.
Fortunately, all of the former employees were respectable people, and no one pocketed the money that had unexpectedly “fallen into the phone”. Therefore no loss was incurred.
“There is no loss. The bank contacted me. But the problem is currently not solved,” said the businessman.
The press service of TCS Bank had not provided “360” with a comment at the time of publication. In response to other media, representatives of the credit organization confirmed the authenticity of the incident and called it “a one-time technical glitch”.
Convenient and unsafe
In an interview with “360”, Vladimir Ulyanov, head of the Zecurion analytical center, said that the cause of the businessman's problem may lie in an oversight by the application developers. It might also be a failure in which incorrect settings remained after the personal account was deleted and restored. Another option is that the cache on several smartphones accidentally preserved some data that gave the laid-off workers access to mobile banking. But regardless of the reasons, Tinkoff Bank is obliged to investigate the information security breach.
“As for the court and the protection of consumer rights, I don’t see the point if there is no harm. There’s a security risk, yes. In this case, if there is some mistake in the application service, you need to contact the developer; no one is interested in the existence of fraud,” said Ulyanov.
According to the expert, there are no absolutely secure systems in this world. In general, Ulyanov said, surprisingly little attention is paid to security in the age of information technology development, although it should be examined in detail as early as the development, concept and application architecture stages of enterprise systems.
“The problem of security is addressed on a residual basis. First of all, attention is paid to ease of use and functionality, so that the customer can quickly spend or transfer money. It is convenient. But the issue of security has not received adequate attention,” he stressed.
The account is one thing, mobile banking is another
Alexander Vlasov, an expert in the field of information security, told “360” that some banks, Tinkoff in particular, have a defined procedure for closing an account. But it typically does not extend to mobile banking. Closing an account doesn’t mean that mobile banking will automatically stop working or that employees will be denied access to it.
“Your account was closed, and the mobile bank can continue to operate. When you open a new account, the cost of the alleged use of the mobile bank over all that time can be written off. And the whole of mobile banking will be restored,” said the expert.
To avoid ending up in such a situation, before closing the account you need to write a statement revoking employees' access to mobile banking. Then comes a separate statement on closing the current and transit accounts. And then a third, with a request to remove all accounts and personal data.
“And only then can you be sure that they will do something. And when you open a new account, you need to write a new application with a request to grant access to some specific employees. If it turns out that something from the past has resurfaced from a cache somewhere, you can make a complaint to the bank,” he added, noting that investors usually do not know all the details of the internal procedures of the finance department.
But even multiple statements do not always guarantee that all customer records will be destroyed. In some banks, even if a fired employee's access is “disabled”, a record of it marked “access denied” will almost always be kept. Similarly, banks hold not only new but also old, dormant accounts of depositors. And no one can guarantee that the data won’t surface somewhere.
For similar situations, Vlasov recommended that Tinkoff Bank customers immediately inform the credit institution about the incident and demand that it be eliminated, and be sure to check whether the incident has been registered. After that, if any unscrupulous ex-employee decides to use the company’s funds, the responsibility will be borne by the bank.
“If the man whose case we are considering did this, he can demand, including in judicial proceedings, that the call recording be retrieved and verify that all necessary actions were taken. But if the bank refuses your lawful demands, the first place to go is court,” concluded the expert.