On-Line Banking Inadvertant Insecurity

I was in Canada for work. I needed to make an on-line payment for one of my credit cards. I found it odd that the bank’s web page, Citi Bank, showed a different landing page than I was used to. I went to another bank’s page, HSBC, and it was different, too.
I assumed the hotel I was in was compromised or I was. It wasn’t until I returned home and fired up a known good PC that I found the bank web pages were legitimate.
This is a problem the banks need to resolve. Often I find banks change their landing page or authentication methods without notice. It makes it really hard for customers to know when they have a compromised connection versus a cosmetic restyling of their site.
I think banks and financial institutions should make and keep their pages as simple as possible. They can implement methods to verify the page’s authenticity by displaying a custom user image, for example. Banks can reasonably verify users by implementing two-factor authentication
I like Google’s Authentication method for its balance of the transitory to the more permanent. Would I recommend banks implement Google’s solution? Maybe not. But I like the two-factor option for “normal” access and super complex random strings for financial tools like mint.com. If you add in custom reset questions and GeoIP restrictions, it could be effective in most cases.
What are your thoughts? How can banks in the US and other countries improve their security while making their sites more flexible?
This entry was posted in global, personal, privacy, tech by Paul. Bookmark the permalink.

About Paul

I’m a Detroit expat recently returned from Tokyo living in Chattanooga. I’m a consulting security professional and father of two. I promise that my views and politics are mine; not yours or my employer’s or anyone’s. I follow no party or affiliation or anything. My things are released under the Creative Commons Attribution-ShareAlike 4.0 International license unless otherwise stated.

2 thoughts on “On-Line Banking Inadvertant Insecurity

  1. Hello Paul. Although no response found, we hope you were able to get the assistance you required. If not, please feel free to DM us the details at any time. ^Deanna

Be nice with what you write.