First, seems that this kind of "virtual keybord" is, by design, weak.
The data posted to the webserver is the same as the content on the
IPIN field (there is no such a encoding or another thing to mask what
was typed). A more secure example of a virtual keyboard can be found
at:
The data posted to the webserver is the same as the content on the
IPIN field (there is no such a encoding or another thing to mask what
was typed). A more secure example of a virtual keyboard can be found
at:
https://www2.bancob...
[ more ]