Research by the University of Michigan has found that 75 per cent of online banking sites have at least one design flaw that leaves customers exposed to cybercrime. Their findings revealed that the design flaws causing the security problems were not bugs that could be fixed with a patch.
Design flaws that could compromise security were widespread and included some of the largest banks in the country. Design flaws uncovered in the study included:
* Placing secure login boxes on insecure pages
* Putting contact information and security advice on insecure pages
* Having a breach in the chain of trust, with customers redirected to another site
* Allowing inadequate user IDs and passwords
* Emailing security-sensitive information insecurely
The flaws leave cracks in security that hackers could exploit to gain access to private information and accounts. Some of the flawed banking websites are already being reworked. However, the need for diligence on the part of banking and information technology is notable. Continually sending IT work to the lowest bidder in a foreign country is not always the best option for data and business security. The bottom line is that banking safety and security cannot be assumed by banking customers.
