‘Widespread’ US web banking security flaws
Recently published research by the University of Michigan has found that 75 per cent of American online banking sites have at least one design flaw that leaves customers exposed to online crime.
The study, by Atul Prakash from the Department of Electrical Engineering and Computer Science, and students Laura Falk and Kevin Borders, examined during 2006 the security of the websites of over 200 financial institutions.
The report found that the design flaws causing the problems were not simple bugs that can be fixed with a patch, but went far deeper.
“To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country,” said Professor Prakash.
“Our focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking.”
The design flaws uncovered in the study included:
• Inadequate user IDs and passwords
• Placing contact details and security advice on insecure pages
• Placing secure login boxes on insecure pages
• Breaching the chain of trust, by redirecting customers to other sites
• Emailing security-sensitive information insecurely
Derrick Cameron, MD of UK-based IT firm Eximium, comments: “The review work was carried out over time and I’m sure that many of the issues highlighted have now been rectified. However, UK banks and other businesses holding secure information about their customers must never become complacent.” He adds, “As long as people hold valuable financial data online, others will try to steal that information for financial gain. Regular checks and improvements need to be made and this report from America shows what can happen if this isn’t done properly.”
This entry was posted on Wednesday, September 24th, 2008 at 8:40 am and is filed under Business Advice, Data Security, IT Advice, News.


