[Dataloss] Fringe: e-banking not yet secure

macwheel99 at wowway.com macwheel99 at wowway.com
Fri Jul 25 01:45:45 UTC 2008

Security flaws plague majority of e-banking sites 

Over 75% of banking Web sites contain fundamental design flaws that could 
put customers at risk from cyber thieves, according to a study (of 214 bank 
web sites)conducted by researchers at the University of Michigan.

The flaws are not bugs that can be easily fixed with a patch, but are 
systemic, stemming from the flow and layout of the sites.

47% placed secure login boxes on insecure pages.

55% put contact information and security advice on insecure pages.

Some banks use social security numbers or e-mail addresses as user IDs. 

28% don't state a policy on passwords, or allow weak passwords.  

31% e-mail passwords or statements to customers. 

30% redirect customers to a site outside of the bank's domain for certain 
transactions without warning.


More information about the Dataloss mailing list