Wednesday, December 9, 2009

Almost Half of US Banks Leave Customers Unprotected

From Finextra: 





US banks failing to protect online customer interaction - Javelin

Nearly half of large US banks are leaving themselves unprotected against hijacking of online customer data, according to Javelin Strategy & Research.





Javelin analyzed the home and log-in page security at the top 24 US financial institutions, for SSL/TLS or EV-SSL encryption, which it says are critical for guarding against compromise by insertion of incorrect links or information. 



Editor's Note: Technically, SSL is lame and EV-SSL can be compromised, but not using it is essentially the same as allowing hackers an inside view to authentication credentials. This is NOT acceptable. It's time to two-factor authenticate without the typing. It's time to require online banking log-in by swiping the existing card and entering the existing PIN using existing bank rails. Banks trust it to dispense cash in non-face-to-face authentication at an ATM. HomeATM replicates that process. Swipe Card, Enter PIN.



The research shows that 46% of the firms have an opportunity to more fully protect "contact us", "help", or other interaction pages against criminal hijacking.



Furthermore, one in five sites uses easy-to-guess authentication information such as date-of-birth, e-mail addresses, and ZIP codes while just one in four requires users to choose a new password longer than six digits.



Continue Reading at Finextra




