Bank Webpage Does a Redirect to a 3rd Party Website that F-Secure Banking Protection Blocks

Karibu
Karibu Posts: 42 Contributor
edited July 2 in Web Browsing
  1. Log into credit card website.
  2. Make payment from a connected bank account.
  3. The credit card website makes a redirect to a 3rd party SSO webpage which F-Secure Banking Protection blocks - even when the URL is allowed/exception created for it in Banking Protection.

F-Secure Banking Protection does not work properly (must be completely disabled) for the following bank websites:

A. Fidelity Rewards (credit card and credit card payment)

B. Huntington Bancshares (credit card payment)

A user must completely disable Banking Protection for most of those webpages to work properly which makes Banking Protection useless. It is a nice protection feature in theory, but in practice it just does not work.


Accepted Answer

  • Ukko
    Ukko Posts: 3,773 Superuser
    Answer ✓

    Hello,

    Sorry for the discussion.

    Website/URL from screenshot and StepThree are the same one in your experience? If so, which one line is in allowed websites in Websites Exclusions?

    firstdataeservices.com

    or

    firstdataeservices.com/security-web/ssoSaml

    Seems I cannot to reproduce exactly the same routine or to access the second page directly - but I cannot get it blocked with an 'active' Banking Protection session and by trying open this website (while the first-one/generic view is added to exclusions). Otherwise, indeed it is blocked as 'active' Banking Protection session there.

    It is possible to report this website or even a full routine via F-Secure SAS: Submit a sample | F‑Secure (f-secure.com)

    So, to choose "URL Sample" -> then confirm that you want to give more details about -> then "Banking Protection related trouble" and other fields accordingly to your experience. As such, they should investigate a bit.

    Thanks!

Answers

  • Debby
    Debby Posts: 30 Contributor

    My friend also has the same problem and wants to know how to solve it safely and correctly when trading.

  • Karibu
    Karibu Posts: 42 Contributor

    You can forget getting any answer from F-Secure regarding this issue. They are not going to open financial accounts to debug and fix how their banking protection mode breaks a lot of financial websites - bank, credit union, credit card, brokerage, insurance, and other websites.

    The only thing you can do is to disable F-Secure banking mode each time you go to the website that it breaks - which means the banking mode feature is useless for a lot of users on websites where they need the protections the most.

  • Karibu
    Karibu Posts: 42 Contributor
    edited January 15

    You need to open an account at a bank (www.huntington.com), apply for and get a credit card, that uses firstdataeservices.com as a payment processor and then login into the bank website and attempt to make a credit card balance payment to reproduce what is being reported.

    F-Secure needs to contact the website owners directly to obtain technical infos. There is nothing else that I can do except report it.

    www.huntington.com - (bank)

    www.firstdataeservices.com - (3rd party payment processor that the bank uses for credit card payments)

    Every single financial website that I use in the U.S., F-Secure Banking Protection breaks it in one way or another. Whitelisting URLs in F-Secure Banking Protection does not work. The only solution is to completely disable F-Secure Banking Protection.

  • Ukko
    Ukko Posts: 3,773 Superuser

    Hello,

    Thanks for your response.

    You need to open an account at a bank, apply for and get a credit card, that uses firstdataeservices.com as a payment processor and then login into the bank website and attempt to make a credit card payment to reproduce what is being reported.

    Yes, it is clear enough situation.

    But, at the end, only a certain resource is blocked. I mean, at the very certain step you got redirect from one resource to another.

    For example, "login into the bank website and attempt to make a credit card payment" is the part which I cannot to do now (and so I cannot to reproduce exactly the same routine). But, virtually, if F-Secure Banking Protection session is active - the resource with a trouble should be blocked regardless the fact of possibility to make a payment OR a certain routine.. if you will be able to get/access it.

    As such, it is "URL" which tried to be opened. I don't think that the trouble is based on 'the way' you tried to open it. And, thus, it is should be possible to sort out by adjusting rating for this "URL" (or something) as being safe for Banking Protection sessions.

    However, I am not sure.. of course.

    Never bumped into this trouble by my use cases.

    Thanks!

  • Karibu
    Karibu Posts: 42 Contributor

    Whitelisting U.S. financial website URLs in F-Secure Banking Protection does not work. The only solution is to completely disable F-Secure Banking Protection for the entire financial website.

    I have supplied all the infos that F-Secure requested. Now it is up to F-Secure to contact the various U.S. financial website owners, request technical infos, and sort it out with them directly.

    F-Secure Banking Protection is nice in theory, but in practical application it breaks every single U.S. financial website that I use. So I cannot use it at all. Not very satisfactory, but expected because blocking browser/webpage network connections was never going to be a workable protection solution.

  • Ukko
    Ukko Posts: 3,773 Superuser

    Whitelisting U.S. financial website URLs in F-Secure Banking Protection does not work. The only solution is to completely disable F-Secure Banking Protection for the entire financial website.

    I see.

    However, what I meant (in addition to the point that it's better to use "firstdataeservices.com" as an example instead of ones with "www." inclusion or sub-pages) is that maybe another domain / another website in background is a reason for blocking. As such, it should be visible per opened tab (like in your screenshot - that's why I thought that maybe added line in Whitelist is differ from opened OR is not sufficient enough).

    But did you mean just disabling Banking Protection? Because I think it's not really possible to disable it only for a certain website.

    Anyway, thanks for your responses and sorry my English!

This discussion has been closed.
Feedback on New Design