Data security in banking practices recently came under the microscope at the University of Michigan, and the findings were quite disturbing. Researchers noted that over three quarters of banks actually train their customers to use insecure practices while they are banking, by doing things like redirecting them to third-party websites without warning, putting secure login boxes on insecure pages, and using email addresses or social security numbers as default user IDs, many of which remain unchanged for months or years after an internet banking account is set up.
The study examined 214 US banking institutions, and found that just over three quarters of them - 76% - had design flaws that would either allow access by hackers, or train customers to ignore insecure practices. However, in the interests of protecting customers at these banks, the researchers will not publicize which institutions leave your computer network security vulnerable.
Atul Prakash is a professor of computer science and engineering who helped prepare the report. He says, "We want banks to make the right decisions, so that people who are trying to be careful can do online banking securely." A banking security analyst with Gartner Inc, Avivah Litan, agrees, and goes one step further, saying, "Conventional wisdom is that clients - or PCs - are inherently insecure devices. What this study shows is that the servers, or the bank and other consumer-facing websites, are also inherently insecure."
Some of the faults noted with the data security practices of the banks included putting secure login boxes on insecure web pages. This was one of the biggest problems, as even if the login boxes send and receive information through SSL (Secure Sockets Layer) technology, if the full page itself isn't protected with the technology, it is difficult to tell whether the site is real or fake. SSL-encrypted web pages show a padlock icon in the address bar, and show not only that the page is secure, but that the site's owner is legitimate and their security certificate is current. If only the login box is secured, the padlock icon will not appear in the address bar, and as far as customers can tell, they are entering their information insecurely.
One of the other large problems found with the data security of online banking institutions was that they often redirect customers to third-party sites, for example partner sites for bill paying, without notifying the customer. These third-party sites could be copied by hackers, and since customers have become used to entering information into a site that isn't their bank's, their banking details are at risk.
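The two design flaws above can be checked mechanically on a bank's own pages. The following is an added example, not code from the study: it flags password forms served on non-HTTPS pages, submitted without TLS, or posted to a different host, which goes slightly beyond the article's redirect case. The URLs, HTML and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormAuditor(HTMLParser):
    """Collects the action of every <form> that contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []             # actions of password-bearing forms
        self._action = None         # None means "not inside a form"
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action, self._has_password = a.get("action") or "", False
        elif tag == "input" and self._action is not None:
            if (a.get("type") or "").lower() == "password":
                self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_password:
                self.forms.append(self._action)
            self._action = None


def audit_login_page(page_url, html):
    """Return findings for the login forms in html as served from page_url."""
    parser = LoginFormAuditor()
    parser.feed(html)
    parser.close()
    page, findings = urlsplit(page_url), []
    for action in parser.forms:
        target = urlsplit(urljoin(page_url, action))  # empty action -> page itself
        if page.scheme != "https":
            findings.append("login form served on a non-HTTPS page")
        if target.scheme != "https":
            findings.append("credentials submitted without TLS")
        if target.hostname != page.hostname:  # assumption: exact host match only
            findings.append(f"credentials posted to third-party host {target.hostname}")
    return findings


# Constructed sample: HTTP home page whose login box posts over HTTPS to a partner host.
SAMPLE_URL = "http://bank.example/"
SAMPLE_HTML = ('<form action="https://billpay.partner.example/login" method="post">'
               '<input type="text" name="user"><input type="password" name="pin"></form>')
print(audit_login_page(SAMPLE_URL, SAMPLE_HTML))
```

The sample page is flagged even though the form itself posts over HTTPS, because the customer has no padlock to verify before typing credentials.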
The insecurity of information which we often assume to be sacrosanct was recently exposed, when hackers broke into Citibank's network of ATMs housed by Seven-Eleven stores. They were able to steal customers' PIN codes, netting the alleged thieves millions of dollars, as revealed in court recently. This demonstrates that even if your private computer network security is good, disturbingly, your information is still at risk.
This scam was possible because of the ATM system's infrastructure, built on Microsoft's Windows, as this allows machines to be repaired remotely after diagnosis. Industry standards call for the strongest possible encryption on PIN codes; however, they seem to be vulnerable while in transit between the computers that process the transactions and the automatic teller machines.
Businesses are advised to engage registered IT consultants and network security services to help protect their banking information, or risk lengthy proceedings to reclaim money.
About the Author: www.datacraft-asia.com - The leading independent IT services and solutions company in Asia Pacific. Datacraft combines an expertise in networking, security, Microsoft solutions, storage and contact centre technologies to craft IT solutions for businesses.