RSSBanking Web Sites Insecure Due To Poor Design
By Daya Baran at July 23, 2008 0 Comments
A new report by the University of Michigan has uncovered significant security problems with online banking and financial web sites.
The flaws stemmed from the flow and the layout of the sites. For example, nearly half of the banks were found to have placed secure login boxes on insecure pages, putting customers at risk of hitting spoofed pages.
Fifty-five percent of the sites were found to have contact information and security advice on insecure pages, which could allow an attacker to change an address or phone number that could be used to gather customer information.
Thirty percent of the sites redirected customers to a site outside the bank’s domain without warning, and 28 percent allowed customers to use weak or inadequate user IDs and passwords, the study found. And more than 30 percent offered to e-mail passwords or statements to customers.
The web sites of over 200 financial institutions that were part of the study more than 75 percent of the web sites were found to have at least one design flaw that could put customer data at risk.
Tags: online services, web design
