As the number of people carrying out their daily business online
grows, so does the risk of exposure to less secure usage due to design
flaws in financial websites, a study conducted by the University of Michigan
concluded after examining the websites of 214 U.S. financial institutions
between November and December 2006.
According to a survey by Pew Internet, 42 percent of all
Internet users bank online. Unfortunately, 76 percent of the websites analyzed
were found to suffer from at least one design flaw, and these flaws appear not
to be widely understood, even by experts responsible for web security, the study
shows.
Of the 214 websites surveyed, 30 percent were
found to break the chain of trust, 47 percent presented a login page on
an insecure page, 55 percent presented contact and other sensitive
information on insecure pages, and 31 percent allowed e-mail addresses
as user names. Only 24 percent of all websites were found to be completely free
of any design flaws.
Based on the high occurrence of secure usability design
flaws on financial websites, the authors believe that the experts in charge of these
institutions do not test for them. This makes users vulnerable to
social-engineering and offline attacks as a result of their information being
displayed on an insecure page.
The study revealed that while most financial websites today
take traditional steps to secure their websites, most of them remain inadequately
protected against security usability design flaws, which can prevent users from
making proper security decisions.
Atul Prakash, professor in the Department of Electrical
Engineering and Computer Science and co-author of the study, pointed out that
the design flaws discovered were not only widespread, but included some of the
largest banks in the country. “Unfortunately, some bank sites make it hard for
customers to make the right security decisions when doing online banking.”
According to a recent FDIC Technology Incident Report,
computer intrusions contributed to a $16 million loss in the second quarter of
2007, a 150 percent increase between the first and second quarters
of the same year. In 80 percent of the cases, the intrusions occurred during
online banking.
© 2007 - 2009 - eFluxMedia