Microsoft's Recall Feature Has Been Reported To Capture Credit Card Numbers Even When Sensitive Information Filters Are Activated

The Recall feature from Microsoft has recently reappeared for Windows Insiders after being withdrawn from its testing version in June due to security and privacy concerns. To address these issues, the newly released version of Recall includes a screenshot encryption feature and, by default, has an "Sensitive Information Filter" setting that can be activated. 

This filter is intended to prevent Recall from capturing any applications or websites displaying credit card numbers, Social Security numbers, or other critical financial/personal information. However, testing conducted by Tom’s Hardware revealed that this filter only functions in certain situations and fails to provide the promised protection. 

The tests indicated that Recall was able to capture screenshots of credit card numbers, even when text such as "Capital One Visa" was present and the sensitive information filter was enabled. Additionally, Recall captured Social Security numbers, names, and birth dates when users filled out loan applications. 

Conversely, the feature did not capture screenshots of credit card fields when testers accessed an online store's payment page. 

In response to these findings, Microsoft issued a statement on its blog, stating: 

"We have updated Recall to detect sensitive information such as credit card details, passwords, and personal identification numbers. When detected, Recall will not save or retain those snippets. We will continue to enhance this functionality, and if you encounter sensitive information that should be filtered based on your context, language, or geography, please inform us through the Feedback Hub. We have also provided an option in Settings that we recommend you enable, which will anonymously share the applications and sites you wish to exclude from Recall to help us improve the product." 

While Microsoft has promised improvements to Recall, the effectiveness of this feature in filtering sensitive information remains uncertain.   

Tag: Capital One Visa Microsoft