Bad Design of Banking Sites a Security Risk, Experts Say
A new study out of the University of Michigan says that many banking Web sites are poorly designed and put customers' data at risk. Although the sites aren't necessarily full of security holes or exploitable code, researchers say many banking sites encourage bad surfing practices. The problem is that banks often ignore standard security design features that security experts encourage Web surfers to look for.Many banking sites redirect customers to outside Web sites without warning or place "secure" log-in boxes in the middle of insecure sites. Some sites were even found to be using e-mail addresses and Social Security numbers as user names, which could be relatively easily figured out. Even if the log-in box itself is secured and the information transmitted is encrypted, using a secure log-in box on an insecure page trains surfers not to bother looking for the tell-tale SSL padlock icon in the address bar, which indicates that a site is secure and the owner is legitimate.
All of these poor choices encourage Web habits that security experts have been trying to break users of for years. So next time you get caught up in a phishing scam you can blame it on the banks, just like you blame your problems with men on your daddy issues. [Source: USA Today]
