Freedom

unwind to potential

ICICI Bank Payment Gateway security issue

Posted by Rahul Narula on February 12, 2009

While using my address bar to search for something, I accidentally happened to choose one of the previous “Payseal – ICICI Bank Payment Gateway” pages from the list in the Firefox address bar.

What I saw was something not amusing at all. In spite of their disclaimer note at the bottom of the page that says

“Note: This page will expire in 30 Minutes and if you fail complete the transaction in 30 Minutes you will be redirected to the order page of <service provider>”

the page opened as it had opened the day I made the payment. Forget 30 minutes, I might have gone to that page at least a couple of months ago.

For the sake of illustration, try accessing the following URLs to see what I mean:

https://payseal.icicibank.com/mpi/Ssl.jsp?txnId=9FE43213A6D3414FC3D66E5AAEAC3CC26534254EFC0FA0E7

ICICI payment Gateway

Continuing here will make a payment of Rs 1295 that I made more than a couple of months back for a friend to get him paid services of Jeevansathi. I am not entirely sure what happens to these transactions once they have been fulfilled. As far as I remember, the transaction represented above was never completed due to my bad internet connection.

I just hope that this serious security issue is soon addressed by ICICI Bank else it has a serious scope of being exploited.
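
As an added illustration (not part of the original post and not ICICI's code): the 30-minute note is only meaningful if the server checks the transaction's age and state on every request for the txnId URL, including the request that submits the payment. The class, method names, states and in-memory store below are hypothetical.

```python
import secrets
from dataclasses import dataclass

PAGE_TTL_SECONDS = 30 * 60  # the 30 minutes promised in the page's note

@dataclass
class Transaction:
    created_at: float        # server clock at creation, never a client value
    amount_rs: int
    state: str = "PENDING"   # PENDING -> PAID or EXPIRED (both terminal)

class TransactionStore:      # hypothetical stand-in for the gateway's database
    def __init__(self):
        self._txns = {}

    def create(self, amount_rs, now):
        txn_id = secrets.token_hex(24).upper()  # 48 hex chars, unguessable
        self._txns[txn_id] = Transaction(created_at=now, amount_rs=amount_rs)
        return txn_id

    def open_payment_page(self, txn_id, now):
        """Decide on every request whether the payment form may be shown."""
        txn = self._txns.get(txn_id)
        if txn is None:
            return "not_found"
        if txn.state == "PENDING" and now - txn.created_at > PAGE_TTL_SECONDS:
            txn.state = "EXPIRED"  # persist it, so later hits stay rejected
        if txn.state != "PENDING":
            return "redirect_to_order_page"
        return "show_payment_form"

    def complete(self, txn_id, now):
        """Charge only if the form would still be shown at this moment."""
        if self.open_payment_page(txn_id, now) != "show_payment_form":
            return False
        self._txns[txn_id].state = "PAID"
        return True

def demo():
    store = TransactionStore()
    t0 = 1_234_400_000.0  # constructed timestamp
    txn = store.create(1295, now=t0)
    two_months = 60 * 24 * 3600
    return [
        store.open_payment_page(txn, now=t0 + 60),          # within 30 minutes
        store.open_payment_page(txn, now=t0 + two_months),  # URL from history
        store.complete(txn, now=t0 + two_months),           # late submit
    ]
```
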


One Response to “ICICI Bank Payment Gateway security issue”

  1. Rajesh said

    Yes, these kinds of security lapses must be immediately addressed.
    Are the ICICI people listening?
