Many Banks Provide Insufficient Security Measures in Online Banking

Date September 23, 2007 By Matthew Paulson

Electronic fraud and identity theft are increasingly common problems that many Americans are becoming victim to as more consumers move to do their banking and investing through the internet. Cyber criminals know that if they can gain a consumer’s credentials to get into their online banking or onto their investment account, that they can quite easily empty their victim’s accounts and almost always get away with the theft without any consequences. Unfortunately, many banks aren’t doing enough to prevent their customer’s accounts being accessed by cyber criminals.

According to a study from the USA Today, 50% of individuals are concerned about having their financial information being compromised through the net, and 40% of individuals are performing fewer transactions online because they are worried about the lax security measures being taken by banks.

Out of the eight largest banks in the United States, only one of them has moved to cooperate with federal guidelines created to ensure more secure online authentication. Bank of America is the only one of the 8 major banks in the United States that have adopted real security measures.

99% of banks require nothing more than a username and password to logon to your bank account. This is absolutely inexcusable. If you computer were to be infected with a type of virus called a trojan horse, the hacker who infected you with the virus would be able to monitor your key-strokes and capture your credentials to logon to your online banking system. In addition, if a hacker was using the right tools to monitor the traffic coming from your computer, they would be able to do what’s called a man in the middle attack and decode your username and password as you send it to your bank.

Currently JP Morgan Chase, Citibank, Washington Mutual, Wachovia, US Bancorp and Wells Fargo require consumers to provide nothing more than a username and password to access their online banking services.

Some financial companies are implementing new security features that make it harder for you to have your account stolen, but these are a few and far between. PayPal has recently made a great move to increase the security of their accounts by offering what’s called a security key. It’s essentially a small dongle which generates a number based on an advanced encryption technique and requires customers to enter in that number in addition to their username and password. This has made it much harder for criminals to get into accounts protected by this feature. Other banks are requiring you to answer personal questions about yourself when you sign-on to your account from a computer system other than your own which is definitely a step in the right direction.

Some companies are providing what’s called “site keys” which are specific images so that if you see them when you are typing in your username and password, you know for a fact that you are on their site, and not some scam artist’s site who is attempting to steal your credentials in a phishing attack.

Although there has been some progress in the last few years, most online banks have a long way to go in creating a secure online banking experience for their consumers.

  • Digg
  • del.icio.us
  • Fark
  • IndianPad
  • NewsVine
  • Reddit
  • StumbleUpon
  • Technorati
  • Propeller

Category Posted in technology

Related Content...

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>