TARGET 8: Testing website security to ensure personal information is secure

1 year 3 months 2 weeks ago Tuesday, July 05 2016 Jul 5, 2016 Tuesday, July 05, 2016 5:41:00 PM CDT July 05, 2016 in Target 8
By: Nina Amedin, KOMU 8 Reporter
loading

MOBERLY - For part of this summer, the city of Moberly's online bill payment system was not a secure site according to a Qualys Lab web page test. Target 8 decided to test the security of that site and many other mid-Missouri sites after an emailed tip from a viewer.

"The city of Moberly does not appear to properly protect customers credit card information," according to the viewer tip. "Although instructions on the website noted above say the information will be transferred to a secure site, the Moberly web page, where the information is originally entered, is still not secure. It remains to be determined to what degree the information is at risk and for what period(s) this lapse in security has or remains."  

Moberly responds to concerns

KOMU 8 News reached out to Moberly's city manager, Brian Crane, and our reporter was then forwarded to Moberly's public relations manager Tristan Asbury.

"In regards to the City of Moberly's online bill payment system - the issue is being resolved as we speak," Asbury said. "We were initially under the impression that our bill payment system was secure but under further review, we have run tests and found the home page of the bill payment system is not. However, once a payment is submitted, it is encrypted to comply with all encryption standards and regulations and is extremely secure. To date, we have had no community members affected by fraudulent activity."
 
Asbury continued, "To fix the issue at hand and guarantee that community members using the online billing system are protected from fraud, we will be re-directing our bill payment system page within our website to our original encryption outlet. This will allow for constant oversight of our billing page which in turn will provide Moberly residents with nothing less than a safe and secure system from beginning to end."
 
He refused further comments as well as an in person interview. 

The University of Missouri System uses Qualys Continuous Security system to check for web insecurities. 

Target 8 tests other mid-Missouri websites

KOMU 8 News went through multiple government websites to test their security using the Qualys system. 

((SUMMARY OF FINDINGS))

The tests are given a grade rating or a "not trusted" rating. 

The grade is based on the following:

  • A website's certificate, activates the padlock and the https protocol and have to be renewed every year.
  • Protocol support 
  • Key exchange
  • Cipher strength, the strength of encryption. 

Moberly and Fulton's city bill pay websites were "not trusted" when tested on the Qualys system. 

Qualys said when a website is not trusted it could mean either the website has an invalid certificate, invalid configuration, unknown certificate authority or interoperability issues. 

How to protect yourself

There are things consumers can do to check if a website is secure said Beth Chancellor, Chief Information Security Officer for the University of Missouri System. 

"It's important to be on the right website to begin with and the only way to do that is to go to that site yourself," Chancellor said. 

She said consumers should never click on links in emails that are sent from websites like banks or utility companies.  

"They actually need to type the URL or search for the site in their browser," she said. "They could get an email that is sent to them saying 'you need to pay your bill' and it could be a fake email that could take you to a fake site that might look exactly like their site."

Another way to check for web security is to look at a web browser and see if there is a padlock image in the left corner of the URL or web browser. 

An "encrypted or secure site will start with 'https,' the 's' stands for secure, and generally there will be a padlock icon associated with that," Chancellor said. 

One issue some sites run into can be home page security, like the city of Moberly. Chancellor said home pages may not be secure at times, but that could change once you move around on the website or log in. 

"Although some sites, say the City of Moberly for example, or another one is eBay, when you go to their home site, a lot sites won't be secure at that level, but once you go to log in or once you do something on the site it will then change to https," she said. 

"There can also be application vulnerabilities," she said.  "Anyone who collects payments online and deals with collecting credit cards by the payment card industry, called PCI standards, all merchants have to meet those standards."

It's tough to get 100 percent

She said it may be that a site that was once insecure was secure at one point, but because of changes made to the site, it became insecure again.

"There are few organizations that are going to get a 100 percent clean Qualys report every time they run a scan of their server because the number of security vulnerabilities come in every single day," Chancellor said. 

She said when websites try to fix a security problem, they might turn around and create a different security problem they hadn't intended to. 

"It's sometimes hard to keep up with making sure that everything you do is secure all the time," Chancellor said. 

She said she thinks because of issues like this websites are having, more people will start using one time virtual credit cards.

"I know that Bank of America and CitiGroup offer virtual cards that are tied to your credit card so you can sign up for a virtual card and use that virtual number that is used once and then it still gets charged to your same account, but the criminals can't get access to your actual credit card number," she said.

Another tip Chancellor recommended is that consumers don't store credit or debit card information with any retailer they're doing business with online. She said there is usually a one time option you can select to complete purchases. 

"If that company gets hacked then your credit card will be exposed just like everybody else's credit card," she said. 

Chancellor said there is only a limited number of things consumers can do to make sure websites are secure enough to input their personal information.   

Moberly's website upgraded to 'A' security rating

The Target 8 team ran a Qualys test again on July 5, 2016 and Moberly's onling bill pay system received an "A" rating. 

We reched out to Asbury again on July 5 and no comment has been received so far as to what changed in their bill pay system to make it a more secure site for customers.  

 

 
 

More News

Grid
List
CALLAWAY COUNTY - A 21-year-old man faces a handful of charges for allegedly stealing from a church and also stealing... More >>
1 day ago Friday, October 20 2017 Oct 20, 2017 Friday, October 20, 2017 10:47:00 AM CDT October 20, 2017 in News
COLUMBIA - Two felons from Columbia were charged in federal court with illegally having guns and ammunition. Ladame Smith... More >>
1 day ago Friday, October 20 2017 Oct 20, 2017 Friday, October 20, 2017 10:19:00 AM CDT October 20, 2017 in News
ST. LOUIS (AP) — A federal judge is hearing from police and St. Louis protesters before deciding whether to grant... More >>
1 day ago Friday, October 20 2017 Oct 20, 2017 Friday, October 20, 2017 9:57:00 AM CDT October 20, 2017 in News
COLUMBIA - A man received life-threatening injuries from an apartment fire early Friday morning. Columbia firefighters arrived at 18... More >>
1 day ago Friday, October 20 2017 Oct 20, 2017 Friday, October 20, 2017 9:13:00 AM CDT October 20, 2017 in News
ST. LOUIS (AP) — Authorities have found the body of a man who had been shot in the basement of... More >>
1 day ago Friday, October 20 2017 Oct 20, 2017 Friday, October 20, 2017 8:54:45 AM CDT October 20, 2017 in News
COLUMBIA - Police arrested a man on Thursday on suspicion of hitting a woman after she wouldn't let him see... More >>
1 day ago Friday, October 20 2017 Oct 20, 2017 Friday, October 20, 2017 8:48:00 AM CDT October 20, 2017 in News
ST. LOUIS (AP) — Authorities say a woman has been shot while attending a candlelight vigil for a slain man... More >>
1 day ago Friday, October 20 2017 Oct 20, 2017 Friday, October 20, 2017 7:58:00 AM CDT October 20, 2017 in News
COLUMBIA - MU has parted ways with longtime basketball radio analyst Gary Link. Link had been the team's color commentator... More >>
1 day ago Friday, October 20 2017 Oct 20, 2017 Friday, October 20, 2017 5:13:00 AM CDT October 20, 2017 in News
COLUMBIA - The University of Missouri kicked off it’s 106 th Homecoming Weekend on Friday. It’s a weekend full of... More >>
1 day ago Friday, October 20 2017 Oct 20, 2017 Friday, October 20, 2017 3:39:00 AM CDT October 20, 2017 in News
COLUBMIA – The Columbia Parks and Recreation Commission held a meeting Thursday night to recommend approval of possible changes to... More >>
1 day ago Friday, October 20 2017 Oct 20, 2017 Friday, October 20, 2017 1:20:00 AM CDT October 20, 2017 in News
COLUMBIA - The University of Missouri banned smoking on campus in 2013, but after issues with compliance over the past... More >>
1 day ago Thursday, October 19 2017 Oct 19, 2017 Thursday, October 19, 2017 10:29:00 PM CDT October 19, 2017 in News
FULTON- Fulton Medical Center is getting a new name along with its new owner. It will soon be called... More >>
1 day ago Thursday, October 19 2017 Oct 19, 2017 Thursday, October 19, 2017 10:10:00 PM CDT October 19, 2017 in News
JEFFERSON CITY - A Missouri video contest is promoting drug-free lives and giving high school students a chance to win... More >>
1 day ago Thursday, October 19 2017 Oct 19, 2017 Thursday, October 19, 2017 7:49:00 PM CDT October 19, 2017 in News
COLUMBIA - The Columbia Board of Education met Thursday and unanimously decided to vote 'no' on The Broadway Columbia's tax... More >>
1 day ago Thursday, October 19 2017 Oct 19, 2017 Thursday, October 19, 2017 7:13:00 PM CDT October 19, 2017 in News
COLUMBIA - Elm Street will open on Friday after five months of construction. Patricia Hayles with Columbia Sewer Utility said... More >>
1 day ago Thursday, October 19 2017 Oct 19, 2017 Thursday, October 19, 2017 6:59:00 PM CDT October 19, 2017 in News
COLUMBIA - The Missouri Supreme Court ruled Wednesday that public defenders may not turn away clients without first getting permission... More >>
1 day ago Thursday, October 19 2017 Oct 19, 2017 Thursday, October 19, 2017 6:37:00 PM CDT October 19, 2017 in News
COLUMBIA– A shuttle service responsible for bringing residents back-and-forth to campus is citing a communication breakdown for its slow response... More >>
1 day ago Thursday, October 19 2017 Oct 19, 2017 Thursday, October 19, 2017 6:25:00 PM CDT October 19, 2017 in News
COLUMBIA - On Thursday Missouri officials officially announced its proposal to attract Amazon's second headquarters to Missouri. Governor Eric... More >>
1 day ago Thursday, October 19 2017 Oct 19, 2017 Thursday, October 19, 2017 5:51:00 PM CDT October 19, 2017 in News
Columbia, MO
Broken Clouds 68°
11am 73°
12pm 77°
1pm 78°
2pm 78°

Select a station to view its upcoming schedule:

Coming Up Next

10:30a
Wilderness Vet
11:00a
Journey with Dylan Dreyer
11:30a
English Premier League Soccer
10:30a
This Old House: Trade School
11:00a
Campmeeting: Inspiration Ministries
12:00p
Made in Hollywood

Tonight's Schedule

6:30p
College Football
7:00p
Family Guy
7:30p
Family Guy
8:00p
Bob's Burgers
8:30p
Bob's Burgers
9:00p
KOMU 8 News @ Nine on The CW
9:30p
Seinfeld