Security Flaw in Swish Shows Transaction History of Other Users

  • 27 October 2014
  • 1 reply
  • 258 views

Userlevel 7
Badge +54
The largest Swedish banks use Swish to process transactions
By Ionut Ilascu on October 27th, 2014 A glitch in the way the Swish mobile payment solution implements Mobile BankID allows users of the service to view details of the transaction history from others by simply modifying the payment history request, a researcher says.
 
Swish has been designed as a cost-effective alternative for credit card processing machines and can be used by attaching a card reading device to a mobile phone. Combined with their free mobile banking app (available for both iOS and Android), the solution allows taking card payments anywhere.

A partnership with the largest banks in Sweden (SEB, Handelsbanken, Nordea, Danske Bank, Länsförsäkringar Bank, and the various branches of Swedbank and Sparbank) permits customers to transfer money in real time through Swish, identifying the recipient not by the number of their bank account, but by that of their mobile phone. Full Article

1 reply

Userlevel 7
Talk about a wake up call for the customers and especially the banks.......

Reply