Design Flaws Hamper Online Banking Security
Researchers at the University of Michigan are reporting that 75% of 214 online banking sites had significant design flaws. At first this did not sound surprising, assuming the design flaws were minor tradeoffs between security and usability, but that wasn't the case.
"To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country," [lead researchers] Prakash said. "Our focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking."
The design flaws included: placing secure login boxes on insecure pages, placing contact information and security advice on insecure pages, breaking the chain of trust by redirecting customers to a site outside the bank's domain, allowing inadequate user IDs and passwords, and e-mailing security-sensitive information insecurely.



