Jul 24 2008   1:12PM GMT

Maybe I should just keep my money under a mattress?

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

There have been a lot of scary bank-related headlines the past couple of weeks, but I have to say that this one frightened me more than most: “Security flaws in online banking sites found to be widespread.”

According to a study by the University of Michigan, more than three-fourths of bank websites surveyed have flaws that can allow hackers to easily gain access to customers’ personal information.

“To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country,” said Atul Prakash, a professor in the university’s Department of Electrical Engineering and Computer Science. “Our focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking.”

Some of the most common banking website flaws, the study finds, include:

  • Placing secure login boxes on insecure pages.
  • Putting contact information and security advice on insecure pages.
  • Having a breach in the chain of trust.
  • Allowing inadequate user IDs and passwords.
  • E-mailing security-sensitive information insecurely.


I was very proud of myself a few years ago when I set up centralized online access to all of my checking, saving and money market accounts. It made me feel more in control of my own money. And – in part because I don’t want to overdraw, and in part because I worry that a cyberthief who gains access to one could potentially access them all – I check their status almost every day.

Now, after seeing this study, I’m thinking twice a day.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: