MasterCard.com NOT PCI Compliant & Subject to XSS Attacks
Goes to show you, no matter who you are, your website is subject to scripting errors and therefore security breaches like XSS attacks. Seems like MasterCard, in all its attempts to ensure that merchants, banks, and merchant service providers are security-compliant, messed up. XSSED has discovered a scripting error in MasterCard’s search function which could allow input hacks like this one: MasterCard Search Page XSS Hack (notice the XSS error on MasterCard.com). Please note that notlong.com is not affiliated with MasterCard; it is used for scripting purposes only.
Wonder who is getting fired over this one. Good luck to MasterCard in cleaning this up; let’s see how long it takes before someone notices. The bigger question becomes: if this is the case, what else was missed?
UPDATE: MasterCard has removed the infected page. Kudos on the quick turnaround on this one, guys.

Comment by Phil on 6 January 2008:
Wow, hopefully Mastercard gets that fixed soon. I think that no matter how hard anyone tries there will always be a way to bypass/hack security methods on the internet. The best defense is to stay alert and fix problems as soon as they are discovered.
Comment by Doug on 6 January 2008:
Who checks mastercard.com for this crap? Why should merchants get fined if MasterCard has no responsibility?
Comment by groop on 7 January 2008:
Man, that is unfair. I’d have gotten pretty mad if that happened to me. The mistake was MasterCard’s; they should refund the transactions if anything happens.
Comment by ravi on 7 January 2008:
Yeah, this one looks to be a big loophole which needs to be sorted out fast. Even I had not known about it earlier, before using the card.
Comment by BobVan on 7 January 2008:
Good to see MasterCard is listening.
Comment by Phil on 7 January 2008:
@groop I am sure they would refund you eventually; it might be a hassle to call them and talk to customer support, though. If they didn’t refund, they’d run the risk of getting sued.
Pingback by Update on Google Checkout and MasterCard | Merchant Talk on 9 January 2008:
[...] - As reported earlier, MasterCard removed the infected search page from their site. We had been welcomed with over 25 [...]