Web banking security flaws 'widespread'

By

Three out of four financial institutions at risk, claims report.


Research by the University of Michigan has found that 75 per cent of online banking sites have at least one design flaw that leaves customers exposed to cyber-crime.

The study, conducted by Professor Atul Prakash from the Department of Electrical Engineering and Computer Science, and doctoral students Laura Falk and Kevin Borders, examined the websites of 214 financial institutions in 2006.

The report found that the design flaws causing the problems were not bugs that can be fixed with a patch.

"To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country," said Professor Prakash.

"Our focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking."

Design flaws uncovered in the study included:
  • Placing secure login boxes on insecure pages
  • Putting contact information and security advice on insecure pages
  • Having a breach in the chain of trust, with customers redirected to another site
  • Allowing inadequate user IDs and passwords
  • Emailing security-sensitive information insecurely

Professor Prakash acknowledged that some banks may have taken steps to resolve these problems since the data was gathered, but that overall there is still a lot of need for improvement.

He claimed that the flaws leave cracks in security that hackers could exploit to gain access to private information and accounts.

Geoff Sweeney, chief technology officer at Tier-3, said that the study confirms the case for behavioural analysis as a part of business IT security software.

"E-banking offers companies a high degree of convenience, but the risks for businesses are far greater than for consumers, as business balances held in bank accounts can easily run into four or five figures," he said.

"Some banks are reported to have reworked their sites as a result of the team notifying them of their problems, but I suspect that many will take time to change their portals."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
bankingflawssecuritywebwidespread

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?