Online Banking Security Not So Secure
More and more people are taking their banking online: some 42% of internet users now do their banking online. With this number growing every year, banks and credit unions are looking at their online banking security to make sure they can provide safe interactions with their customers. Those who don't bank online say their main reason is the lack of online banking security. One reason they feel insecure about banking online is misinformation and not knowing the correct information about internet security.
A study from the University of Michigan by Atul Prakash looks at design flaws in many of today's banking sites that fail to protect users who don't know the basics of internet security. It looks at design flaws rather than actual application vulnerabilities. Design flaws differ from application vulnerabilities because they stem from decisions made when designing the website. Many of the decisions that designers of banking sites have made promote insecure user behavior, and because many users are uneducated about basic internet security, these flaws can be taken advantage of.
The online banking security flaws that were noted include being able to access the site over insecure HTTP, being redirected to an untrusted site, low-security password thresholds, and emailing confidential data to users. If a user is unaware of the risks these designs pose, any of them can lead to confidential data being leaked.
As for user passwords, many of the sites in the study don't impose password restrictions on users. Low-quality passwords are open to disclosure by brute-force attacks. It is also noted, however, that a strong password doesn't protect against phishing sites and keyloggers, and many banks see forcing strong passwords as just an inconvenience for their users. It is also claimed that enforcing a 'three-strikes' lockout policy on incorrectly typed passwords makes brute-force attacks on low-quality passwords unrealistic. But the study finds that even a lockout policy is not enough if low-quality passwords are allowed. If a list of usernames is available, parallel dictionary attacks can be used: a string of authentication requests is run across all the usernames using common passwords.
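The gap between a per-account lockout and a parallel dictionary attack can be seen from the defender's side in authentication logs. The following is an added example, not code from the study or from any bank: the log format, addresses, usernames and thresholds are constructed for illustration. It compares which accounts a three-strikes policy would lock with which sources a cross-account check would flag.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <source> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.7 alice FAIL
2024-01-01T10:00:05 198.51.100.7 bob FAIL
2024-01-01T10:00:10 198.51.100.7 carol FAIL
2024-01-01T10:00:15 198.51.100.7 dave FAIL
2024-01-01T10:00:20 198.51.100.7 erin FAIL
2024-01-01T10:05:00 198.51.100.7 alice FAIL
2024-01-01T10:05:05 198.51.100.7 bob FAIL
2024-01-01T10:05:10 198.51.100.7 carol OK
2024-01-01T10:06:00 203.0.113.9 frank FAIL
2024-01-01T10:06:20 203.0.113.9 frank FAIL
2024-01-01T10:06:40 203.0.113.9 frank FAIL
"""

def parse(log):
    """Turn log text into time-ordered (time, source, user, result) tuples."""
    events = []
    for line in log.splitlines():
        ts, src, user, result = line.split()
        events.append((datetime.fromisoformat(ts), src, user, result))
    return sorted(events)

def locked_accounts(events, strikes=3):
    """Accounts reaching `strikes` consecutive failures (the per-account policy)."""
    streak, locked = defaultdict(int), set()
    for _, _, user, result in events:
        streak[user] = streak[user] + 1 if result == "FAIL" else 0
        if streak[user] >= strikes:
            locked.add(user)
    return locked

def spray_sources(events, min_users=4, window=timedelta(minutes=10)):
    """Sources whose failures span >= min_users distinct usernames in one window."""
    fails = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            fails[src].append((ts, user))
    flagged = {}
    for src, items in fails.items():
        for i, (start, _) in enumerate(items):
            users = {u for t, u in items[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[src] = max(len(users), flagged.get(src, 0))
    return flagged
```

On the sample, the lockout policy only ever locks the one account that was guessed repeatedly, while the source that tried a few passwords against five accounts is caught only by the cross-account count. Keying on source address is a simplification; the same count can be kept per password attempt or per time window across all sources.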
The study also mentions websites that break the chain of trust. Bank websites often redirect to other websites without notice. Regardless of whether these sites are secured with SSL, the certificates used are often not affiliated with the bank at all, and there is no way for the user to tell whether they are still on the bank's website. This makes it hard for even a knowledgeable user to know whether they are on a phishing site.
As mentioned, other sites present secure login options on insecure webpages. While a site may offer secure logins via SSL and HTTPS, the same webpage may also be available insecurely over HTTP. Even if redirection to a secure page occurs, a user who has already entered credentials on the insecure page has put those credentials at risk of being compromised.
While many sites exhibited 1 or 2 of the noted flaws, many on the list didn't show any flaws and offered very good security. The study also noted that some of the sites may even have fixed the flaws by the time the study was released.
Aaron Guhl is an IT professional who specializes in security. He frequently writes on his blog about security issues to help IT professionals get a better understanding of security in their networks. Visit his website at: http://www.securityenablednetwork.com/?p=121

