Does Your Bank Care About Online Banking Security?

By: Blue Panda | Date posted: April 11, 2008 (11:08 am) | Write a Comment (3 Comments)

This is a guest post by Green Panda’s husband, Blue Panda.

Alex Papadimoulis wrote two articles about online banking security on his Information Technology-related humor blog that struck home with me. The first article was on the deficiencies of the new trend in logging in to online banks, which he calls Wish-It-Was Two-Factor (since it isn’t really two-factor authentication). The second expands on it with a specific poor implementation of two-factor authentication. While Alex’s blog is primarily humorous, he does take the time to point out serious pitfalls in the IT world. In this case, it’s about a false sense of security.

An increasing number of banks have been following Bank of America’s lead in adding security features to their own online banking sites. After all, if people perceive another bank to offer safer online banking, then they may move to that bank. The problem is that Bank of America’s features don’t offer greater security. If anything, they can be somewhat less secure, as a New York Times article on a study of site images explains:

Rachna Dhamija, the Harvard researcher who conducted the study, points out that swindlers can use their dummy Web sites to ask customers those personal questions. She said that the study demonstrated that site-authentication images are fundamentally flawed and, worse, might actually detract from security by giving users a false sense of confidence.

RSA Security, the company that bought PassMark last year, “has a lot of great data on how SiteKey instills trust and confidence and good feelings in their customers,” Ms. Dhamija said. “Ultimately that might be why they adopted it. Sometimes the appearance of security is more important than security itself.”

Now, I never liked the security questions to begin with, because I can’t always remember what the answers were. As Alex points out:

Users are asked to pick from all sorts of different “secret questions,” ranging from “In what city is your vacation home?” to “What is your second-favorite post-modernistic European novel?” And if they’re lucky, users can actually remember what answers they gave and figure out exactly how they typed them in.

How many ways might someone enter “East First Street”?

The user can’t always avoid questions which might have ambiguous answers. Often, several of the questions the site asks don’t apply to me, forcing me to make up “close” answers for one or more of them. Now I have to remember which “close” answer I gave whenever those questions appear.

But how secure are these answers? Anybody who knows me has a pretty good idea as to the possible answers. Fundamentally, the answers are just easy-to-guess passwords.

It’s a shame that many online banking sites seem to be more interested in the “appearance of security” than actual security. Of course, the criminals who want get past any security measures in place aren’t going to be fooled, so you don’t want to get lulled into a false sense of security.

If the security measures at your bank’s web site bothers you, let the bank know that you don’t feel safe with the security it has implemented. After all, it’s your money. And if the bank still cares more about looking secure than actual security, do you really want to trust them with your money?

Share and Enjoy:

Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.

Related Posts

Welcome Alpha Consumer Readers! Photo Credit: by alborzshawn Welcome! If you're visiting from US News' AlphanConsumer, thank you for visiting my blog. The post was inspired by my last 2 apartments. Here's an overview of some of my most popular posts to get started: Banking Does Your Bank Care About Online Banking Security?......
HP Special Deal: $300 off Coupon In case you're starting the semester soon and you're looking to buy an HP laptop, I have a code that can get you some money off and some great upgrades. If you're in the market for something portable and powerful, the HP Pavillion dv6 may just be what you're looking......

Here are Some Other Great Thoughts

Keeping Your Money Safe On the Internet: 10 Methods You Can Ensure Online Banking Security Got money? That makes you the most attractive person on the internet, even more so if you regularly conduct business online. To keep your identity and money safe, here are 10 methods you should use to ensure your banking security online: 1.Computer code, types of viruses, analysis software, Security software......
What is a Bank CD? Before comparing interest rates or buying a CD at the bank, come to an understanding on how Certificates of Deposit work. Rules and Regulations of Bank CDs CDs, commonly known to many as bank certificates of deposit, are issued by many different banks. CDs are tightly regulated via state and......

Tags: bank security, online banking, online security

This entry was posted on Friday, April 11th, 2008 at 11:08 am and is filed under Banking. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

3 Comments

Comment by Jake Stichler — April 22, 2008 @ 10:54 am

Here’s a fun story: There’s a local bank around here that I am not a customer of. My credit union referred me to them for a service that the CU couldn’t provide. At the time, I was still using one of my domain names for email, and I always used unique email addresses for every website (as everything came to the same box) in an effort to track where I’m getting spam from. So, I contacted this bank twice using their online form, and using the email alias’ lvfb@ and lvfb2@. They were, of course, able to provide me with the service requested, free of charge. However, wouldn’t you know, months later, I got a few phishing emails for their parent bank to those email addresses. I contacted them immediately, and they said they were aware of the problem, as other customers had gotten the same emails. They then of course recommended actions *I* should take to secure *my* computer. However, I may as well have been talking to a wall when I tried to explain to them several times that the information was somehow being intercepted on their end, NOT mine, due to the fact that I am not a customer of theirs or their parent bank. The only parties that should have known my email addresses used in correspondence between the bank and I, are the bank and I. They just didn’t seem to understand that someone could have gotten my email from them and not from me. Oh well, conclusion: Don’t use that bank for anything if they can’t even handle keeping my email address secure.
Pingback by Welcome MSN Readers | Green Panda Treehouse — July 27, 2008 @ 9:50 am

[...] Does Your Bank Care About Online Banking Security? [...]
Pingback by Reporting Missing and Stolen Check Cards — November 9, 2009 @ 11:06 am

[...] security questions were from my credit report. I found a couple questions bad to ask such as the birth month of a [...]

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

« How to Use Credit Cards Wisely

Rebuilding An Emergency Fund »

Subscribe To Blog

Financial Resources

Search The Site

Categories

Newsletter

Popular Posts

Personal Finance Blogs

Does Your Bank Care About Online Banking Security?

Recent Posts

Blog Archives

About Us