75% of Banks have Serious Website Flaws
The University of Michigan surveyed more than 200 bank websites and found that 75 percent had
a flaw that could contribute to a loss of money or identity.
While the survey was done in 2006, it is only recently being published. And these are not
software patch issues. The problems identified involve the flow and design of the websites
themselves. Issues could be that a secure log-on box is requesting information on an unsecure
page. While they note that some of these problems may have been resolved, there are still many
issues that place customers at risk today.
The study also uses FDIC reports that reflect a 150 percent increase in SARs filed for
computer intrusion. At an estimated $30,000 loss per incident, this equates to a $16 million
loss in the second quarter of 2007 (the period the FDIC reported on) alone.
The design flaws that the survey was looking for included:
• Placing secure login boxes on insecure pages
• Putting contact information and security advice on insecure pages
• Having a breach in the chain of trust
• Allowing inadequate user IDs and passwords
• E-mailing security-sensitive information insecurely
It may be time to review your website and see where you stand.
For more, read the article on the
href="http://www.ns.umich.edu/htdocs/releases/story.php?id=6652"> University of Michigan News
Service.
a flaw that could contribute to a loss of money or identity.
While the survey was done in 2006, it is only recently being published. And these are not
software patch issues. The problems identified involve the flow and design of the websites
themselves. Issues could be that a secure log-on box is requesting information on an unsecure
page. While they note that some of these problems may have been resolved, there are still many
issues that place customers at risk today.
The study also uses FDIC reports that reflect a 150 percent increase in SARs filed for
computer intrusion. At an estimated $30,000 loss per incident, this equates to a $16 million
loss in the second quarter of 2007 (the period the FDIC reported on) alone.
The design flaws that the survey was looking for included:
• Placing secure login boxes on insecure pages
• Putting contact information and security advice on insecure pages
• Having a breach in the chain of trust
• Allowing inadequate user IDs and passwords
• E-mailing security-sensitive information insecurely
It may be time to review your website and see where you stand.
For more, read the article on the
href="http://www.ns.umich.edu/htdocs/releases/story.php?id=6652"> University of Michigan News
Service.
posted by Michele at
11:56 AM
0 Comments:
Post a Comment
<< Home