ACM TechNews

Security Flaws in Online Banking Sites Found to Be Widespread

University of Michigan News Service (07/22/08) Moore, Nicole Casal

More than 75 percent of bank Web sites had at least one design flaw that could expose online banking customers to cybercriminals looking to take their money or even their identities, a University of Michigan (UM) study found. UM computer science professor Atul Prakash and doctoral students Laura Falk and Kevin Borders examined the Web sites of 214 financial institutions in 2006. The researchers said the vulnerabilities came from the layout of the Web sites and included placing log-in boxes and contact information on insecure Web pages, or failing to keep users on the site they initially visited. Prakash says some banks have taken steps to fix these problems since the study was conducted, but overall there is still a significant need for improvement. "To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country," Prakash says. "Our focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking." The design flaws Prakash's team looked for included placing secure log-in boxes or contact information on insecure pages, redirecting customers to a site outside the bank's domain for certain transactions without warning, allowing inadequate user IDs and passwords, and sending security-sensitive information in insecure emails. The research was presented at the fourth Symposium on Usable Privacy and Security, which was held July 23-25, 2008, at Carnegie Mellon University.

http://www.ns.umich.edu/htdocs/releases/story.php?id=6652


© Copyright 2008 Information, Inc. This service may be reproduced for internal distribution.