Windows 11’s Recall still takes screenshots of credit cards

Microsoft's Recall feature has returned to Windows Insider builds, complete with screen encryption and a sensitive information filtering setting. The latter is meant to prevent any apps or websites that contain credit card numbers, insurance policies, or other sensitive financial information from being recorded. However, in testing, this filter only works in a limited number of cases.

Recall Timeline. Image credits: Microsoft

This behavior of Recall was observed when filling out a PDF loan application in the Microsoft Edge browser, as well as when creating a custom HTML page with a web form that included fields for the credit card type, number, CVC, and expiration date. Recall recorded everything. It also captured notes in Notepad that contained credit card data.

At the same time, Recall properly excluded the checkout pages of two online stores, Pimoroni and Adafruit, from being captured.

Microsoft representatives said to Tom's Hardware: "We have redesigned Recall to detect sensitive information like credit card information, passwords, and personal identification numbers. If detected, Recall does not save or store these snapshots. We will continue to improve this feature, and if we find any sensitive information that should be filtered, please let us know via Feedback Hub. We have also provided an option in Settings, which we recommend enabling, to anonymously share apps and sites that you would like to exclude from Recall, to help us improve the product."

The problem with Recall is that it digitally records everything you do. Researchers previously noted that the original version did not encrypt the screenshots it took and stored its database in plain text. Microsoft subsequently removed Recall from Insider builds, promising to bring it back once security-related changes had been made.

The new version of Recall has a "Sensitive Information Filter" enabled by default and appears to encrypt the data it collects, requiring Windows Hello authorization when launching the app. The only way to view Recall screenshots is to use the application itself.

Recall protected with Windows Hello. Image credits: Microsoft

However, it is worth noting that Windows Hello supports PINs in addition to biometric authorization. Anyone who happens to see the PIN being entered will be able to access the stored card data.

Author: Sergey Tkachenko
