Post by gusgorilla on Jan 24, 2016 16:36:26 GMT
After some problems with website operation I looked a little closer and found some worrying facts:
The website appears to be built on the WordPress blogging platform rather than a secure web framework. WordPress is a favourite target for hackers and it takes a particularly skilled and conscientious set of developers to secure it.
The website does not appear to have yet been tested to the stage where it is safe to use in a production environment. This is indicated by the presence of the word BETA on the site logo. This is short for beta test version.
Would a representative of the company please tell us:
If the site will be replaced by a site based on a secure platform and, if so, when.
If not, what the plans are for bringing in a security firm to do penetration testing and preferably provide certification for the current site.
What the arrangements are to protect our money and our personal details when the site is hacked.
Post by emoney on Jan 25, 2016 17:09:14 GMT
Hi GusGorilla.
Sorry for the delay, I had not been notified of these questions.
The site and platform are due for replacement within the next three months, and re-branding and new build-out are being carried out by skilled and conscientious developers, hence BETA being displayed.
Your money is not held on the platform, it is held in a segregated client account so is not at risk.
We are always striving for security enhancements and this is one of the reasons for the new platform.
Post by gusgorilla on Jan 25, 2016 19:32:06 GMT
Rebranding is not going to make the website less vulnerable to hackers. It's not the branding that will be hacked.
I am very grateful to the developers for being so honest as to put the BETA on the site and would like to thank them. Did they explain to you what BETA means and you then ignore them and insist the site be made live? If they really are conscientious, which I'm sure they are, they would have told you that BETA test software should never be used in this sort of live application.
The fact is that the management of your company has decided to trust our personal details (passwords, emails, etc.) to prototype/untested software of the most rudimentary (not to mention incomprehensible) nature. I consider that a serious breach of trust.
It is worrying that the Financial Conduct Authority has allowed this to happen and I will be attempting to bring the situation to their attention as in my opinion you should be closed down until you have a robust and transparent website in place.
Post by gusgorilla on Jan 25, 2016 20:31:29 GMT
Rebranding will not discourage hackers. Please take this issue seriously instead of giving this sort of glib response. I'm sure that your developers are conscientious. I would like to thank them for being honest enough to mark the site as BETA. I'm sure also that they must have told the management of your company what BETA means and that BETA software should never be used live on sites with real data on them. I hope that they also told you that WordPress was not designed for this sort of application, although it is great for building prototypes quickly and cheaply.
In my opinion it is a serious breach of trust to entrust our data (passwords, emails and other personal data that could be used by fraudsters) to prototype/unfinished/test versions of software of the most rudimentary (not to mention incomprehensible) kind. If your company cannot be trusted with our data, can we trust it with our money? Can we trust what we are told about loans?
You say "we are always striving for security enhancements". If that is true, why did you put BETA software live with real data? Did you start striving after that time?
What is most shocking of all is that the Financial Conduct Authority has allowed you to get away with this so far. It is hardly surprising that there was a banking crash in 2008 if they cannot even stop this sort of thing.