Imagine you’re a transaction processor that powers ticketing for several consumer travel websites, and you are contacted by a programmer outside of your company who says there’s a flaw in how your platform interacts with the websites of your vendors.
Thieves could exploit the flaw to skim the credit card details of consumers, says this programmer.
What would you do?
It isn’t entirely an abstract question.
This winter, a North American programmer, or hacker, contacted a major ticketing platform based in the US, alleging that the websites powered by its white-label solution was vulnerable to this type of attack.
The company reacted with alarm. Its affected clients included the consumer websites of minor, but nationally known, brands used mostly by domestic travelers.
If true, a customer’s credit card details would be vulnerable to theft as they were typed into any of the branded websites.
What follows is something of a “he said, she said,” story between the hacker and that ticket processing provider. But of course this is also a cautionary tale for other companies that may be exposed to the same alleged vulnerability — without knowing it. Read more
Published in: http://www.tnooz.com