THIRUVANANTHAPURAM: The SBI has finally moved to rectify the security flaw in its debit card-based online payment gateway, which was reported by DC on Wednesday.
A team of SBI officials called on software engineer M.S. Anoop on Wednesday and collected the details of the fault. Anoop, who detected the error, had reported the matter to the SBI three weeks ago, but there was no response so far.
A senior SBI official contacted Anoop in the morning and sent a technical team led by assistant general managers C.R. Harish and L.Manicka Vasagam to Anoop’s office.
“I demonstrated the technique of cracking the one-time password for debit card-based online shopping and the officials were convinced of the loophole. They wanted me to demonstrate the problem before their senior officials and I offered to do that too,” said Anoop who is working as technical lead in GDS Technologies here.
An SBI spokesperson claimed that it was only a minor security issue. “Our technical team collected the details from the software engineer and we are in the process of sorting it out,” the official told DC.
The loophole is that anyone with minimum software knowledge could tamper with the one-time password in shopping using any State Bank debit card with the basic details visible on all bank cards - debit card number, expiry date of the card and the security code.
