[Dataloss] Fringe: e-banking not yet secure
macwheel99 at wowway.com
macwheel99 at wowway.com
Fri Jul 25 01:45:45 UTC 2008
Security flaws plague majority of e-banking sites
http://www.finextra.com/fullstory.asp?id=18764
Over 75% of banking Web sites contain fundamental design flaws that could
put customers at risk from cyber thieves, according to a study (of 214 bank
web sites)conducted by researchers at the University of Michigan.
The flaws are not bugs that can be easily fixed with a patch, but are
systemic, stemming from the flow and layout of the sites.
47% placed secure login boxes on insecure pages.
55% put contact information and security advice on insecure pages.
Some banks use social security numbers or e-mail addresses as user IDs.
28% don't state a policy on passwords, or allow weak passwords.
31% e-mail passwords or statements to customers.
30% redirect customers to a site outside of the bank's domain for certain
transactions without warning.
http://www.finextra.com/fullstory.asp?id=18764
More information about the Dataloss
mailing list