Over seventy-five percent of banking web sites examined by researchers at the University of Michigan were found to have design flaws that make it easier for identity thieves to trick customers.

The researchers found that many banks silently redirect users to third-party sites, plop “secure login” boxes on insecure Web pages, and improperly use Social Security numbers or e-mail addresses — which an outsider can figure out — as default user names.

Practices like these can make it harder for the user to notice when they have been directed to a phishing site. Even more careful users might tire of checking to see if the login box posts to a secure site. Then, phishers have a better chance of catching someone off guard as opposed to sites that keep customers on their toes.

I suggest going with a bank whose online banking makes it easy to check for authenticity. You should be able to tell by looking at your address bar or status bar if the site is secure. You should be able to easily check the details of the server’s certificate. You should not have to dig for this information.

Also, be careful about trusting a site because of information it might present to you. Having your SSN show up in the User ID box or presenting an image to you that you previously selected are not terribly impressive feats. Use them as reminders to double-check the site’s authenticity.

This entry was posted on Wednesday, July 23rd, 2008 at 9:41 pm by Mike Markiewicz and is filed under data protection. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.