Over a week after I notified the tech support of my bank that I had stumbled across a basic security flaw in their web site, the flaw is still there. I was informed that this would be taken seriously, but this doesn't seem to be the case. So what next...? I will contact them again and see if they can do something this time, but I hold little hope. Even if I threaten to move my account, I get the impression that this would never get to the ears of someone who cares, or understands the implications of the flaw...perhaps the press is the only way to get something done...
Anyway I'll keep you informed...