unwind to potential

ICICI Bank Payment Gateway security issue

Posted by Rahul Narula on February 12, 2009

While using my address bar to search for something, I accidentally happened to choose one of an previous “Payseal – ICICI Bank Payment Gateway” page from the list in the Firefox address bar.

What I saw was something not amusing at all. Inspite of their disclaimed note at the bottom of the page that says

Note: This page will expire in  30  Minutes and if you fail complete the transaction in  30  Minutes you will be redirected to the order page of <service provider>”

the page opened as it had opened the day I made the payment. Forget 30 minutes, I might have gone to that page atleast a couple of months ago.

For the sake of illustration try accessing the following url’s to see what I mean

ICICI payment Gateway

Continuing here will make a payment of Rs 1295 that I did more than a couple of months back for a friend  to get him paid services of Jeevansathi. I am not entirely sure what happens to these transactions once they have been fulfilled. As far as I remember the transaction represented above were never completed due to my bad internet connection.

I just hope that this serious security issue is soon addressed by ICICI Bank else it has a serious scope of being exploited.


One Response to “ICICI Bank Payment Gateway security issue”

  1. Rajesh said

    Yes, these kind of security lapses must be immediately addressed to.
    Are the Icici people listening?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: