Fidelity Credit Card Page > Security Issue?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities

Fidelity Credit Card Page > Security Issue?

Postby linenfort » Sun Feb 24, 2013 12:21 pm

I don't think I'm the only one with a Fidelity Amex card, the WorldPoints one that gives you 2% cash back.

From the same front page of Fidelity dot com where I view my investments, I click "see recent transactions" (that's credit card transactions) to navigate to online bill payment.
This morning, Chrome gave me a warning:

(red) The site's security certificate is not trusted! (/red) You attempted to reach mutualauth.ibsnetaccess.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.
You should not proceed, especially if you have never seen this warning before for this site.


I've seen this before, but not here. It comes up when Google Images is about to take me to a suspicious website hosting the original size of an image of Kate Upton puppies.
I realize that sometimes this kind of error is a false alarm. Just the same, I have time to pay by check & snail mail and I probably will.
I have also written to Fidelity about the matter, more for them than for me.
Does anyone have any experience with this?
Thanks.
The key is not so much what couch you choose, but that you stay on it. -- boglehead Random Musings. | Wolde ye bothe eate your cake, and haue your cake?(1546)
User avatar
linenfort
 
Posts: 1314
Joined: Sat Sep 22, 2007 10:22 am
Location: Cardiff Electric

Re: Fidelity Credit Card Page > Security Issue?

Postby kenschmidt » Sun Feb 24, 2013 12:26 pm

It might be worth it to try a different browser (IE, Firefox or Safari) to see if you get the same error. I have seen various browsers throw security certificate errors after an update that eventually gets resolved. If you get the error in multiple browsers, it is much more likely to actually be a problem with the cert.
User avatar
kenschmidt
 
Posts: 2281
Joined: Thu Mar 01, 2007 12:18 pm
Location: Cincinnati, OH

Re: Fidelity Credit Card Page > Security Issue?

Postby Gigihsu » Sun Feb 24, 2013 12:32 pm

I couldn't log in Fia card services today. I kept getting the message, "Our Online Banking service is not available at this time. We apologize for the inconvenience. Please call Customer Service for assistance. Their number is on the back of your card." I called the customer service, and they did not know why I couldn't see the activities online. They did not know whether the website was under maintenance or not. Did anyone else have login problems today?
Gigihsu
 
Posts: 44
Joined: Tue Apr 03, 2007 5:35 pm

Re: Fidelity Credit Card Page > Security Issue?

Postby linenfort » Sun Feb 24, 2013 2:15 pm

@Ms Hsu: no login problems here, other than the chrome issue detailed in the OP.

@Ken: Logged in via Safari per your advice and it went right through, no errors or warnings. Thanks!
The key is not so much what couch you choose, but that you stay on it. -- boglehead Random Musings. | Wolde ye bothe eate your cake, and haue your cake?(1546)
User avatar
linenfort
 
Posts: 1314
Joined: Sat Sep 22, 2007 10:22 am
Location: Cardiff Electric

Re: Fidelity Credit Card Page > Security Issue?

Postby Mudpuppy » Sun Feb 24, 2013 6:26 pm

linenfort wrote:I don't think I'm the only one with a Fidelity Amex card, the WorldPoints one that gives you 2% cash back.

From the same front page of Fidelity dot com where I view my investments, I click "see recent transactions" (that's credit card transactions) to navigate to online bill payment.
This morning, Chrome gave me a warning:

(red) The site's security certificate is not trusted! (/red) You attempted to reach mutualauth.ibsnetaccess.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.
You should not proceed, especially if you have never seen this warning before for this site.


I've seen this before, but not here. It comes up when Google Images is about to take me to a suspicious website hosting the original size of an image of Kate Upton puppies.
I realize that sometimes this kind of error is a false alarm. Just the same, I have time to pay by check & snail mail and I probably will.
I have also written to Fidelity about the matter, more for them than for me.
Does anyone have any experience with this?
Thanks.

The message alone is insufficient to know why the certificate was rejected. It could have been signed by a Certificate Authority (CA) that was later found to be compromised, so that CA was removed from your browser as trusted, yet FIA has not yet replaced the certificate with a new one from a currently trusted CA. (Edit: Inversely, it could be a new CA or new root certificate for an existing CA that your browser has not yet added to its CA root certificate list, perhaps because the browser is out of date, or just hasn't updated yet). It could have been a legitimate certificate that expired, either due to time synchronization issues or just flat out expired and hasn't yet been replaced. It could have been a development certificate that accidentally got put into a production environment. It could have been a mismatch between the certificate and the domain name, again usually caused by a mistake by some system administrator. And it could have been an attempt to hijack your session by a malicious person. Without seeing the actual certificate in question, it's impossible to say which of these cases has occurred. Since I don't have a FIA AmEx, I can't examine the certificate myself.

Note how many of these possibilities are just incompetence and how many are actually malicious. It brings up Hanlon's Razor once again: Never attribute to malice that which can be adequately attributed to stupidity (or incompetence).
Mudpuppy
 
Posts: 2683
Joined: Sat Aug 27, 2011 3:26 am
Location: Sunny California

Re: Fidelity Credit Card Page > Security Issue?

Postby tfb » Mon Feb 25, 2013 2:10 am

linenfort wrote:This morning, Chrome gave me a warning:

(red) The site's security certificate is not trusted! (/red) You attempted to reach mutualauth.ibsnetaccess.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system.


Just go to the card site directly www.fiacardservices.com instead of going through the single-signon through Fidelity.
Harry Sit, taking a break from the forums.
User avatar
tfb
 
Posts: 6687
Joined: Mon Feb 19, 2007 6:46 pm

Re: Fidelity Credit Card Page > Security Issue?

Postby linenfort » Mon Feb 25, 2013 8:59 pm

tfb wrote:Just go to the card site directly http://www.fiacardservices.com instead of going through the single-signon through Fidelity.

Although this issue has long since been resolved by ken in the second post, I just came here to tell gigihsu how Fidelity replied. It's very similar to your advice, tfb.

This link, like the ones that will take you to statements and transactions, is designed to move you out of Fidelity.com and to the FIA Card Services Web site. This is where I assume you are receiving the message about the site certificate.

FIA Card Services is undergoing a great deal a change and development at this time. They are making changes in their Web sites as well. This has made it difficult for us to keep the links relating to FIA Card Services in Fidelity.com in good order. We apologize for this, and we are working very closely with FIA Card Services to stabilize the regularize the situation. This goal will be achieved eventually.
...
We recommend, when you wish to access the FIA Card Services Web site directly in order to pay your bill there, that you go directly to their site by typing in the URL or internet address into the browser address field.
The key is not so much what couch you choose, but that you stay on it. -- boglehead Random Musings. | Wolde ye bothe eate your cake, and haue your cake?(1546)
User avatar
linenfort
 
Posts: 1314
Joined: Sat Sep 22, 2007 10:22 am
Location: Cardiff Electric


Return to Personal Consumer Issues

Who is online

Users browsing this forum: Bengineer, Grateful1, John Z, jrh, Kosmo, munemaker, takingcharge and 59 guests