Online banks not secure enough

ACCORDING TO A NEW study, online banks are still failing to stand up to the thread of identity theft, despite bucketloads of "we're secure" promises.

Security research and publishing company Heise Security says that four out of seven online banks which were warned of major security issues on their websites have failed to secure their sites, a month after the warning.

Although some of the warned have made changes on their sites to fix the flaw, the majority have made no changes whatsoever, leaving avoiding phishing scams solely in the hands of their customers to deal with.

The original test by Heise shows that there have been no changes to the websites of banking bigwigs Cahoot, the Bank of Scotland and First Direct. National Westminster has taken a few steps, says Heise, although it is still apparently vulnerable to frame spoofing scams. Frame spoofing is a popular phishing technique that appears in an e-mail to be genuinely from a bank and will call up the correct page from a bank, however, once the details are stored in the user's computer, the dastardly phisher will manipulate the information for his or her own ends.

The Link and the Bank of Ireland have fixed their sites, says Heise. The Bank of Ireland has stuck in a script that can detect spoofed frames and will redirect to an error page. The Link has abandoned using frames altogether, which is a fool proof way to avoid frame spoofing, says Heise.

A report made by the Association for Payment Clearing Services, which is an organisation that keeps on the lookout for online banking fraud, mentioned that about half a million Brits would happily click away on unsolicited e-mails. So, it would appear, there's work-a-plenty to be done. µ