TARGET 8: Testing website security to ensure personal information is secure

1 year 7 months 2 weeks ago Tuesday, July 05 2016 Jul 5, 2016 Tuesday, July 05, 2016 5:41:00 PM CDT July 05, 2016 in Target 8
By: Nina Amedin, KOMU 8 Reporter
loading

MOBERLY - For part of this summer, the city of Moberly's online bill payment system was not a secure site according to a Qualys Lab web page test. Target 8 decided to test the security of that site and many other mid-Missouri sites after an emailed tip from a viewer.

"The city of Moberly does not appear to properly protect customers credit card information," according to the viewer tip. "Although instructions on the website noted above say the information will be transferred to a secure site, the Moberly web page, where the information is originally entered, is still not secure. It remains to be determined to what degree the information is at risk and for what period(s) this lapse in security has or remains."  

Moberly responds to concerns

KOMU 8 News reached out to Moberly's city manager, Brian Crane, and our reporter was then forwarded to Moberly's public relations manager Tristan Asbury.

"In regards to the City of Moberly's online bill payment system - the issue is being resolved as we speak," Asbury said. "We were initially under the impression that our bill payment system was secure but under further review, we have run tests and found the home page of the bill payment system is not. However, once a payment is submitted, it is encrypted to comply with all encryption standards and regulations and is extremely secure. To date, we have had no community members affected by fraudulent activity."
 
Asbury continued, "To fix the issue at hand and guarantee that community members using the online billing system are protected from fraud, we will be re-directing our bill payment system page within our website to our original encryption outlet. This will allow for constant oversight of our billing page which in turn will provide Moberly residents with nothing less than a safe and secure system from beginning to end."
 
He refused further comments as well as an in person interview. 

The University of Missouri System uses Qualys Continuous Security system to check for web insecurities. 

Target 8 tests other mid-Missouri websites

KOMU 8 News went through multiple government websites to test their security using the Qualys system. 

((SUMMARY OF FINDINGS))

The tests are given a grade rating or a "not trusted" rating. 

The grade is based on the following:

  • A website's certificate, activates the padlock and the https protocol and have to be renewed every year.
  • Protocol support 
  • Key exchange
  • Cipher strength, the strength of encryption. 

Moberly and Fulton's city bill pay websites were "not trusted" when tested on the Qualys system. 

Qualys said when a website is not trusted it could mean either the website has an invalid certificate, invalid configuration, unknown certificate authority or interoperability issues. 

How to protect yourself

There are things consumers can do to check if a website is secure said Beth Chancellor, Chief Information Security Officer for the University of Missouri System. 

"It's important to be on the right website to begin with and the only way to do that is to go to that site yourself," Chancellor said. 

She said consumers should never click on links in emails that are sent from websites like banks or utility companies.  

"They actually need to type the URL or search for the site in their browser," she said. "They could get an email that is sent to them saying 'you need to pay your bill' and it could be a fake email that could take you to a fake site that might look exactly like their site."

Another way to check for web security is to look at a web browser and see if there is a padlock image in the left corner of the URL or web browser. 

An "encrypted or secure site will start with 'https,' the 's' stands for secure, and generally there will be a padlock icon associated with that," Chancellor said. 

One issue some sites run into can be home page security, like the city of Moberly. Chancellor said home pages may not be secure at times, but that could change once you move around on the website or log in. 

"Although some sites, say the City of Moberly for example, or another one is eBay, when you go to their home site, a lot sites won't be secure at that level, but once you go to log in or once you do something on the site it will then change to https," she said. 

"There can also be application vulnerabilities," she said.  "Anyone who collects payments online and deals with collecting credit cards by the payment card industry, called PCI standards, all merchants have to meet those standards."

It's tough to get 100 percent

She said it may be that a site that was once insecure was secure at one point, but because of changes made to the site, it became insecure again.

"There are few organizations that are going to get a 100 percent clean Qualys report every time they run a scan of their server because the number of security vulnerabilities come in every single day," Chancellor said. 

She said when websites try to fix a security problem, they might turn around and create a different security problem they hadn't intended to. 

"It's sometimes hard to keep up with making sure that everything you do is secure all the time," Chancellor said. 

She said she thinks because of issues like this websites are having, more people will start using one time virtual credit cards.

"I know that Bank of America and CitiGroup offer virtual cards that are tied to your credit card so you can sign up for a virtual card and use that virtual number that is used once and then it still gets charged to your same account, but the criminals can't get access to your actual credit card number," she said.

Another tip Chancellor recommended is that consumers don't store credit or debit card information with any retailer they're doing business with online. She said there is usually a one time option you can select to complete purchases. 

"If that company gets hacked then your credit card will be exposed just like everybody else's credit card," she said. 

Chancellor said there is only a limited number of things consumers can do to make sure websites are secure enough to input their personal information.   

Moberly's website upgraded to 'A' security rating

The Target 8 team ran a Qualys test again on July 5, 2016 and Moberly's onling bill pay system received an "A" rating. 

We reched out to Asbury again on July 5 and no comment has been received so far as to what changed in their bill pay system to make it a more secure site for customers.  

 

 
 

More News

Grid
List
LEAWOOD, Kan. (AP) — Authorities say two children have died and three other people are critically injured in... More >>
35 minutes ago Monday, February 19 2018 Feb 19, 2018 Monday, February 19, 2018 7:28:00 AM CST February 19, 2018 in News
BOONE COUNTY - February is national wedding month. According to the National Association of Bridal Consultants , most couples begin... More >>
49 minutes ago Monday, February 19 2018 Feb 19, 2018 Monday, February 19, 2018 7:14:00 AM CST February 19, 2018 in News
COLUMBIA - A $2.7 million project to the Columbia sewage system will be introduced to city council Monday night. ... More >>
55 minutes ago Monday, February 19 2018 Feb 19, 2018 Monday, February 19, 2018 7:08:00 AM CST February 19, 2018 in News
ODESSA (AP) — An 80-year-old Missouri man who was convicted of abusing two young girls faces a possible... More >>
1 hour ago Monday, February 19 2018 Feb 19, 2018 Monday, February 19, 2018 6:47:00 AM CST February 19, 2018 in News
BOONE COUNTY - A 10-acre fire threatened several homes just outside of Columbia Sunday. The fire was near the... More >>
10 hours ago Sunday, February 18 2018 Feb 18, 2018 Sunday, February 18, 2018 9:04:00 PM CST February 18, 2018 in News
ROCHEPORT - With all 163 seats in the Missouri House of Representatives up for election this November, campaigns are getting... More >>
12 hours ago Sunday, February 18 2018 Feb 18, 2018 Sunday, February 18, 2018 7:57:00 PM CST February 18, 2018 in News
LICKING - The Texas County Sheriff's Office canceled an Endangered Silver Advisory for an 85-year-old woman reported missing... More >>
12 hours ago Sunday, February 18 2018 Feb 18, 2018 Sunday, February 18, 2018 7:30:00 PM CST February 18, 2018 in News
MONITEAU COUNTY - A California man was taken into custody after deputies reported finding a "substantial amount" of meth inside... More >>
12 hours ago Sunday, February 18 2018 Feb 18, 2018 Sunday, February 18, 2018 7:20:00 PM CST February 18, 2018 in News
COLUMBIA - The City of Columbia plans to pull together a group of professionals from diverse backgrounds to work on... More >>
14 hours ago Sunday, February 18 2018 Feb 18, 2018 Sunday, February 18, 2018 5:58:00 PM CST February 18, 2018 in News
CENTERTOWN - A warm, but blustery Sunday morning carried the smell of gunpowder over Rock Creek Road in Centertown, a... More >>
17 hours ago Sunday, February 18 2018 Feb 18, 2018 Sunday, February 18, 2018 2:07:00 PM CST February 18, 2018 in Top Stories
COLUMBIA - The Columbia Police Department will soon be supplementing classroom training with online courses, according to Public Information Officer... More >>
21 hours ago Sunday, February 18 2018 Feb 18, 2018 Sunday, February 18, 2018 10:14:00 AM CST February 18, 2018 in News
BOONE COUNTY - A fire destroyed a home on East Mount Hope Road early Sunday morning. Boone County Fire... More >>
22 hours ago Sunday, February 18 2018 Feb 18, 2018 Sunday, February 18, 2018 9:53:00 AM CST February 18, 2018 in News
Eric Hosmer is leaving the Royals. Hosmer signed an eight-year contract with the San Diego Padres for for around... More >>
1 day ago Sunday, February 18 2018 Feb 18, 2018 Sunday, February 18, 2018 12:04:00 AM CST February 18, 2018 in Sports
COLUMBIA - More than 100 students gathered to compete in the 2018 Columbia Elementary & Middle School Scholastic Chess Tournament... More >>
1 day ago Saturday, February 17 2018 Feb 17, 2018 Saturday, February 17, 2018 5:22:00 PM CST February 17, 2018 in News
COLUMBIA - The Father Tolton Catholic High School Blazers and the Battle High School Spartan Sparklers came to share their... More >>
1 day ago Saturday, February 17 2018 Feb 17, 2018 Saturday, February 17, 2018 4:49:00 PM CST February 17, 2018 in News
ASHLAND – The Ashland Police Department is taking precautionary measures after a school shooting at a Florida high school. The... More >>
1 day ago Saturday, February 17 2018 Feb 17, 2018 Saturday, February 17, 2018 4:36:00 PM CST February 17, 2018 in News
OSAGE BEACH – Elementary students displayed their creativity on Saturday. Hy-Vee hosted a Junior Chefs Energy Bite competition. ... More >>
1 day ago Saturday, February 17 2018 Feb 17, 2018 Saturday, February 17, 2018 3:40:00 PM CST February 17, 2018 in News
COLUMBIA - Columbia police were unsure Saturday who drove a vehicle they believe hit and killed a man on I-70.... More >>
1 day ago Saturday, February 17 2018 Feb 17, 2018 Saturday, February 17, 2018 2:34:00 PM CST February 17, 2018 in News
Columbia, MO
Broken Clouds 58°
8am 61°
9am 62°
10am 63°
11am 65°

Select a station to view its upcoming schedule:

Coming Up Next

7:00a
Today
9:00a
Megyn Kelly TODAY
10:00a
Today with Kathie Lee & Hoda
7:00a
Maury
8:00a
The Steve Wilkos Show
9:00a
The Steve Wilkos Show

Tonight's Schedule

7:00p
2018 Olympic Winter Games
7:00p
DC's Legends of Tomorrow
8:00p
Whose Line Is It Anyway?
8:30p
Whose Line Is It Anyway?
9:00p
KOMU 8 News @ Nine on The CW
9:30p
Seinfeld