Most on-line banks unsafe to use.

[no1_vern]

An article on Ars Technica talks about a new study that highlights issues of using on-line banking sites.

Quote:

A new study (PDF) presented at the Symposium on Usable Privacy and Security indicates that the web sites of major financial institutions continue to suffer from basic design flaws that make it difficult for their users to determine whether a given action is secure.

Quote:

The analysis didn't focus on security holes, per se, but on site design practices that could leave users vulnerable to various attacks. As the team put it, "Design flaws differ from typical software bugs that can be fixed by applying patches. Design flaws are a result of decisions made during the website design phase, such as how to implement security features. These design decisions promote insecure user behavior."

-SNIP-

For example, nearly 30 percent of the sites the researchers examined performed what they termed a "break in the chain of trust."

-SNIP-

Roughly half the sites requested login information on an insecure page.

-snip-

Many sites provided insecure access to critical information.

-snip-

Overall, only a quarter of sites were free from any of these security issues, while nearly 70 percent suffered from two or more.

I really like my on-line banking, but as soon as I can, I will be talking to my bank to see if they have any of these issues.

[Atomic Rooster]

Quote:

To that end, they have notified every one of the institutions of their findings. Given that the study took place at the end of 2006, the companies have had plenty of time to implement improvements; the results of a follow-up study would provide a better idea of which companies take their responsibilities towards their users seriously.

It would be nice to know which bank sites suffered from these "security issues".