News that RBS Worldpay’s various web portals are “riddled with holes”, according to a hacker, has been met with the public relations spin that you might expect. But when you get down to basics, you realize that the reports from Unu, the Romanian hacker, about the vulnerabilities are valid enough.
How did RBS Worldpay end up in this unfortunate position? According to Richard Kirk, Fortify’s European Director, it all comes down to what appears to be poor code auditing at the programming level.
“Coupled with lack of security soak testing, which is a must-have for any transaction processing system, RBS Worldpay’s sites appear to have been hit by cross-site scripting (XSS) security problems,” said Richard Kirk. “Of course, RBS Worldpay isn’t alone in its sites having XSS problems, but it is a high profile problem, simply because the company processes card payments online for a large number of e-tailers,” he added.
Even though the bank is saying that the database that Unu claims to have compromised only contained dummy data, this is turning into something of a PR disaster. Banks have to be very careful at the moment when it comes to their brand image, for the simple reason that they are being held – rightly or wrongly – responsible for the current economic woes of the world.