Most Bank Sites Insecure, Says Recent Study

Online banking makes life easier, at least for those of us comfortable with the idea of transacting money from the home or office. Like most people, I assume that my bank's website is an extremely secure site, rigorously monitored to protect my money. Along with many other people, I may have been wrong.

A University of Michigan study released last week suggests that, of 214 financial institutions' websites, every one had design flaws and over three-quarters contained at least one flaw that could potentially put customers at risk. (Source: cnet.com)

One of the larger problems seems to be the placement of secure login boxes on insecure pages, thus negating the utility of the secure login and creating the possibility that clients could enter their personal information onto "spoofed pages".

55% of the sites investigated also contain confidential information on insecure pages. This could allow piracy of personal information, which could be used to obtain personal client information or access funds. Other faults included sites that didn't prompt users to enter more secure passwords or IDs that transferred clients to different domains without warning.

The study's organizer, computer science professor Atul Prakash said, "To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country...[o]ur focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking." (Source: informationweek.com)

Although most of the design flaws identified by Prakash and his team require more than a quick fix, he cautioned against boycotting online banking altogether. Most of the flaws, he advised, are difficult to capitalize on and the majority result from insecure Internet connections, such as a hotel network.

The University of Michigan study did not release the names of the institutions included in the research, but it is likely that every major financial institution in North America is scrambling today to ensure it can promise customers the most comprehensive security available.