The insecurities of online banking
An Internet security analyst works to reverse a bug.
TEXT OF STORY
Bob Moon: A University of Michigan researcher is presenting a report today on online banking security-or rather, the lack of it. Fully 75 percent of the banks he studied had dangerous design flaws in their Web networks that could compromise crucial customer data -- like account information, user logins, and passwords. Mitchell Hartman reports.
Mitchell Hartman: Denise Johnson perches on a comfy chair at a Portland coffee bar, surfing the web.
Denise Johnson: It's a site of cute pictures of cats doing things.
Hartman: And would do your banking online?
Johnson: Not on an open wireless network, no.
Johnson knows not to send her personal login or username into unsecured cyberspace. But computer science professor Atul Prakash says many bank Web sites could be compromising that very same personal information. They have unencrypted login pages that could lead customers into the hands of cyber-thieves.
Atul Prakash: What we found is that it would be very easy for an attacker to set up a page that looks exactly identical to your bank's Web site. You would have no way of knowing that you were not at your bank's Web site.
Prakash's advice: Make sure your online banking session starts and stays at a site that begins HTTP-S. That "s" means it's secure, protecting your information and your money.
I'm Mitchell Hartman for Marketplace.