E-Banking Sites: Design Flaw That Leaves Customers Exposed to Cybercrime

Structural E-Banking Security Flaws Confirm Business Case for Behavioural Analysis IT Security Technology

(28.07.08) - Research by the University of Michigan - which discovered that 75 percent of e-banking sites have at least one design flaw that leaves customers exposed to cybercrime - confirms the case for behavioural analysis as a part of business IT security software, says Geoff Sweeney, chief technology officer with Tier-3.

"The research, which surveyed some 214 US e-banking sites, is notable as many of the site flaws cannot be fixed by a software patch, but are structural in nature. Short of many of the site operators designing their portals from the ground up it is likely there is no short-term fix," he explained.

Because of this, Sweeney says that businesses and providers should install behavioural analysis security technology if they make use of online banking services, as many firms do these days.

"E-banking offers companies a high degree of convenience, but the risks for businesses are far greater than for consumers, as business balances held in bank accounts can easily run into four or five figures," he said.

"Professor Atul Prakash and his team plan on revealing the details of their in-depth research this coming Friday and it will be interesting to see how their paper is received. Some banks are reported to have reworked their sites as a result of the team notifying them of their problems, but I suspect that many will take time to change their portals," he added.

Against this backdrop, Sweeney says that companies that use online banking services should install behavioural analysis security technology to add an intelligent layer of technology to interpret their data and protect their systems against e-banking cybercrime - and any other form of unknown security threats.

"We've said for some time that behavioural analysis is an intelligent safety net for companies looking to protect themselves against unknown - as well as known - security threats. This is an example of that type of threat which can easily escape the attentions of conventional security software. This research clearly confirms the vulnerability of any enterprise that chooses not to monitor the behaviour of their systems and users for unusual activity," he said.

For more on the University of Michigan's e-banking research: http://www.ns.umich.edu/htdocs/releases/story.php?id=6652. (Tier-3: ra)