A new study from the University of Michigan about security problems with financial Web sites found that banks are failing to protect customer data. In fact, 75 percent of the Web sites of more than 200 financial institutions were found to have at least one design flaw that could put customer data at risk.

According to CNET.com, Atul Prakash, a professor in the university’s Department of Electrical Engineering and Computer Science, and two doctoral students examined 214 financial institutions in 2006. They found that every single one of them, including sites from some of the largest banks, had at least one flaw, stemming from the flow and layout of the pages, that can’t be fixed with a software patch, like many vulnerabilities and bugs can.

For example, nearly half of the banks placed secure login boxes on insecure pages, putting customers at risk of hitting spoofed pages.

Fifty-five percent of the sites were found to have contact information and security advice on insecure pages, which could allow an attacker to change an address or phone number that could be used to gather customer information.

This entry was posted on Wednesday, July 23rd, 2008 at 5:34 pm and is filed under Atul Prakash, Data Breach, Department of Electrical Engineering and Computer Scien, ID Theft, ID Theft Prevention, Identity theft prevention, University of Michigan study, customer data, id theft prevention, id theft protection, identity fraud, identity theft, identity theft complaints, identity theft laws, identity theft protection, security breach. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.