BusinessWeek Logo
Security Holes At The Online Bank

By Mara Der Hovanesian

Security Holes At The Online Bank

Hacker intrusions into bank Web sites are relatively rare, according to the FDIC. But the risk is there, warns Atul Prakash, a University of Michigan computer science professor who studied 214 sites. His 2006 survey, presented at the July 25 Symposium on Usable Privacy & Security, found 75% of sites vulnerable to hacking, with two big worrisome trends: log-in boxes placed on insecure pages on a bank’s domain and the use of third-party vendors that transfer customers to insecure outside pages (via, say, a “Contact Us” link). “Banks should try to keep the site on a single domain,” Prakash says, adding that users should look for a url starting with “https” on pages asking for sensitive personal data. The “s” signals an extra security layer.