Despite repeated warnings from a number of security organisations, Swiss banking technology company BPC continues to maintain that its SmartVista ecommerce software system remains secure. BPC deploys its SmartVista product suite in sixty countries, with components used either individually as point solutions to meet a specific need or together as a complete end-to-end electronic payments system.
Security company Rapid7 has finally lost patience with BPC and gone public on SmartVista’s Structured Query Language (SQL) injection vulnerability, which could potentially allow an authenticated attacker to steal money and data from POS systems, ATMs and other forms of payment processing.
SQL injection is a widely recognized class of bug, but as yet no patches have been issued to address the problem. Now that the issue is in the public domain, hopefully affected fintech companies will be moved to take action.