Survey findings from the University of Michigan, presented this summer, showed that more than 75 percent of the 214 financial institutions’ Web sites examined in 2006, including some of the largest banks in the nation, had at least one security vulnerability that placed customers at risk of cyber-thievery. Surprisingly, these weren’t unexploited software holes in need of patches but fundamental Web site security design flaws:
• 47 percent had secure log-in boxes on insecure pages;
• 55 percent placed their contact information and security advice on insecure pages, opening the door for thieves to change the phone number or address to one of their own and take customer information when the customer calls or writes;
• 31 percent gave an option to users to receive sensitive information, including passwords, statements or links to them, via e-mail;
• 28 percent allowed weak passwords and easy-to-guess user IDs (e-mail addresses and Social Security numbers);
• 30 percent redirected customers to an outside Web site for certain transactions without warning.
When banking online, make sure the pages on which you enter or receive sensitive information are secure. Check the internet address for those pages: it will begin with https rather than http. Check the bank’s contact information against that listed in a telephone book. Finally, when you change pages, keep an eye out for a different look or a different address for the Web site; this shouldn’t occur unless you have first received a trusted-site security message on the screen from your bank.
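For site owners, three of the flaws listed above can be checked from a page's own markup. The following is an added example, not code from the survey: the function names, the `has_contact_info` flag (supplied by whoever runs the check) and the `bank.example` page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class PageScan(HTMLParser):
    """Collects login-form targets and link targets from one page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.login_targets = []  # action URLs of forms holding a password field
        self.links = []          # absolute href targets
        self._action = None      # action URL of the form currently open

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password" and self._action is not None:
            self.login_targets.append(self._action)
        elif tag == "a" and a.get("href"):
            self.links.append(urljoin(self.page_url, a["href"]))

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

def audit_page(page_url, html, has_contact_info=False):
    """Return findings for the design flaws named in the survey list."""
    scan = PageScan(page_url)
    scan.feed(html)
    page = urlparse(page_url)
    findings = []
    if page.scheme != "https" and scan.login_targets:
        findings.append("login form on insecure page")
    if page.scheme != "https" and has_contact_info:
        findings.append("contact information on insecure page")
    # Markup cannot show whether a warning is displayed, so off-site targets are listed for review.
    for url in scan.login_targets + scan.links:
        host = urlparse(url).hostname
        if host and host != page.hostname:
            findings.append("off-site target: " + host)
    return findings

# Constructed sample: an HTTP page whose login form posts to an HTTPS address.
SAMPLE_URL = "http://bank.example/login"
SAMPLE_HTML = (
    '<form action="https://bank.example/auth"><input type="password" name="pw"></form>'
    '<p>Call 555-0100</p><a href="/rates">Rates</a><a href="https://billpay.example/start">Pay bills</a>')

if __name__ == "__main__":
    print("\n".join(audit_page(SAMPLE_URL, SAMPLE_HTML, has_contact_info=True)))
```

Host names are compared exactly, so a bank that serves pages from several of its own host names will see those listed as off-site and should review them by hand.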