U of M Study: Most Bank Web Sites Flawed
A new University of Michigan study finds that more than 75 percent of bank websites had at least one design flaw that cannot be fixed with a patch and could make customers vulnerable to cyber-thievary.
Atul Prakash, a professor in the Department of Electrical Engineering and Computer Science, along with a pair of doctoral students, examined the Web sites of 214 financial institutions in 2006.
The flaws center around the layout of websites and the placement of log-in boxes and contact information, as well as the failure to keep customers on the initial website they visited. The flaws are not things that can be fixed with a patch. Prakash said some banks may have taken steps to resolve these problems since this data was gathered, but overall he still sees much need for improvement.
He got the idea for the study after noticing problem with his own bank's website. "To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country," Prakash said. "Our focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking." The flaws leave cracks in security that hackers could exploit to gain access to private information and accounts.
The FDIC says computer intrusion is a growing problem for banks and their customers.They will present the findings for the first time at the Symposium on Usable Privacy and Security meeting at Carnegie Mellon University July 25.
A new University of Michigan study finds that more than 75 percent of bank websites had at least one design flaw that cannot be fixed with a patch and could make customers vulnerable to cyber-thievary.
Atul Prakash, a professor in the Department of Electrical Engineering and Computer Science, along with a pair of doctoral students, examined the Web sites of 214 financial institutions in 2006.
The flaws center around the layout of websites and the placement of log-in boxes and contact information, as well as the failure to keep customers on the initial website they visited. The flaws are not things that can be fixed with a patch. Prakash said some banks may have taken steps to resolve these problems since this data was gathered, but overall he still sees much need for improvement.He got the idea for the study after noticing problem with his own bank's website. "To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country," Prakash said. "Our focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking." The flaws leave cracks in security that hackers could exploit to gain access to private information and accounts.
The FDIC says computer intrusion is a growing problem for banks and their customers.They will present the findings for the first time at the Symposium on Usable Privacy and Security meeting at Carnegie Mellon University July 25.
0 comments