Bank is considered to be safe place; online banking sites are considered to have a strong security as well. But are things always the same as we think they are?
A study in University of Michigan revealed shocking facts: there was at least single design vulnerability in more than 75 percent of online banking websites. And each of those flaws could make customers lose money or even identities. The researches were surprised that vulnerabilities were that common even on the most reputable websites.
One of the most dangerous vulnerability was redirecting to third-party websites. It’s not necessarily a bad thing, however a customer using a banking site can’t possibly know if the new website is safe or not. If he decides to trust the third-party website, he might burn his fingers because of trusting the bank and everything related to this institution. The redirection trick is often used by malicious toolbars, trojans and other malware. Redirecting to other websites is wrong choice for online banking because it confuses website’s visitors.
The other flaw was using SSL (secure socket layer) protocol only on several pages and leaving login pages unsecured. 47 percent of banking websites made their customers vulnerable by letting average hacker to harvest the login data.
31 percent of banks emailed security-sensitive data insecurely. Emailing passwords, statements and links to sensitive information is not a wise move.
Allowing insecure login names and passwords is also a practice that should be avoided by online banking website, yet 28 percent of banks thought differently. It’s easy to remember your login or password when those are the same as your social security number or email address. But those are also easy to find by others. Someone can even guess login information if it’s simple like that. The 28 percent allowing insecure IDs and passwords includes banking websites that allows weak passwords. A website that is concerned about customer’s security won’t let him use password identical to login name or other passwords that can by guessed easily.
The researchers are going to publish detailed results of this study on July 25.