Banking POST Data Security

TL;DR

Your banking site is likely obfuscating POST data to protect sensitive information during transmission. This usually involves encryption (like HTTPS) and potentially additional techniques like tokenization or field-level encryption. Check your SSL certificate, review the website’s security policies, and ensure you are using a secure browser.

Why Banking Sites Obfuscate POST Data

When you submit data to a banking site (like login details or transfer amounts), it’s sent as “POST” data. Without protection, this data could be intercepted and read by someone else. Obfuscation makes the data unreadable to attackers.

How POST Data is Typically Protected

1. HTTPS (SSL/TLS): This is the most common method. It encrypts all communication between your browser and the bank’s server.
   • Check for HTTPS: Look for a padlock icon in your browser’s address bar and “https://” at the beginning of the web address.
   • View Certificate: Click on the padlock to view the site’s SSL certificate. Ensure it’s valid, issued to the correct bank, and hasn’t expired.

     openssl s_client -connect yourbank.com:443

2. Encryption at Rest & In Transit: Banks use strong encryption algorithms (like AES) to protect data both while it’s being sent and when it’s stored on their servers. You generally don’t need to worry about the specifics of this, as it’s handled by the bank.
3. Tokenization: Sensitive data (like your credit card number) is replaced with a unique “token”. This token is useless to attackers if intercepted.
   For example, instead of sending your full card number, the site sends a token like ‘abc123xyz789’.
4. Field-Level Encryption: Specific fields within the POST data (like passwords) are encrypted individually before transmission.
5. Obfuscation Techniques (Less Common): Some sites might use techniques to make the POST data *look* random, even if it’s already encrypted. This adds an extra layer of confusion for attackers but isn’t a replacement for proper encryption.

Troubleshooting Steps

1. Ensure You Are Using a Secure Browser: Use the latest version of Chrome, Firefox, Safari, or Edge. These browsers have built-in security features.
2. Clear Your Browser Cache and Cookies: Old data can sometimes cause issues.
   In most browsers, you can find this option in your browser settings under “Privacy” or “History”.
3. Disable Browser Extensions: Some extensions might interfere with the encryption process. Try disabling them one by one to see if that resolves the issue.
4. Check Your Internet Connection: A compromised Wi-Fi network could be intercepting your data. Use a secure, private network whenever possible.
5. Contact Your Bank: If you’re still concerned, contact your bank’s customer support team. They can confirm the security measures in place and investigate any potential issues.

What You Shouldn’t Do

• Don’t enter sensitive information on websites that don’t use HTTPS.
• Don’t ignore browser warnings about invalid SSL certificates.
• Don’t share your login credentials with anyone.