Mikey G Ottawa Who watches you surf? image:41973:4::0

A group of researchers from University of Michigan have published a study that would worry anyone who banks online. Nearly 76 % of the banking websites in U S which includes several big banks are vulnerable to security risks . Security flaws in banking websites allow hackers to steal your passwords and valuable account information.

Atul Prakash, Professor at the Department of Computer Science in University of Michigan had conducted the study along with two of his students in 2006. They had examined a total of 214 financial institution websites. The study to be presented at a security conference on Friday says that these security threats cannot be solved overnight with a single patch or upgrade.

Atul Prakash, who led the research team said

Our focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking. To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country.

The major design flaws found in the study are poor email security, putting a secure log-in box on an insecure web page, as well as putting contact information such as social security numbers email ids etc on insecure pages.

Avivah Litan, a banking security analyst with Gartner Inc commented on the study

Conventional wisdom is that the clients — or PCs — are inherently insecure devices. What this study shows is that the servers — or the bank and other consumer-facing Web sites — are also inherently insecure.