Study says bank Web sites leave clients vulnerable to theft

When you hop on the Internet to check your online bank statement or pay some bills, do you ever wonder how secure your bank's computer network is? A new study claims most bank Web sites are vulnerable to identity theft.

A study done by Atul Prakash, a professor at the University of Michigan who teaches in the department of electrical engineering and computer science, found that more than 75 percent of 214 financial institutions checked in 2006 had at least one design flaw that could open up online bank users to potential identity theft.

Each discovered flaw simply isn't a bug or security hole that can be easily repaired with a patch. For example, Prakash and his research team found that 47 percent of the banks placed secure login boxes on insecure pages, 55 percent of those tested put contact information and other sensitive data on insecure pages, and many banks still use Social Security numbers or e-mail addresses as user IDs or passwords for logins.

Also discovered during the study, 30 percent of the banks had a "break in the chain of trust," which means they would redirect clients to other Web sites where a different security certificate was required.

"To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country," Prakash said in a press statement. "Our focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking."

Prakash's findings will be presented during a meeting of privacy experts tomorrow at Carnegie Mellon University.

Although the FDIC says check fraud and mortgage fraud are still more serious problems than computer intrusion among US financial institutions, the issue is getting worse. According to an FDIC Technology Incident Report of 536 filed cases of confirmed computer intrusion, the average loss per case was $30,000. Furthermore, the number of computer intrusions reportedly grew by 150 percent between the first quarter of 2007 and the second quarter.