Home » Financial Stocks » Online Financial Services

What the Online Banking Industry is Missing

by: Greg Boop July 30, 2008

Greg Boop

About this author:

Become a Contributor Submit an Article

Font Size:
Print
Email

A recent report by researchers at the University of Michigan demonstrates that bank and brokerage websites are plagued by security flaws. These widespread design flaws make it easier for accounts to be compromised. According to Finextra, an examination of 214 bank websites revealed that more than 75% have cracks in security that hackers could exploit to access customer information and accounts.

Says Atul Prakash, professor in the department of electrical engineering and computer science: "To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country. Our focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking."

This should be a cause for concern for all banking customers, the prospect of going online and finding your account cleared out is a nightmare. Security remains the top concern for banking institutions, and regular steps have been taken to improve the situation. The state of affairs is not as dire as outlined by researchers because many of the security flaws are difficult to exploit.

The real issue with the banking industry is the lack of a systematic defined approach to security testing their websites. There needs to be a single standard that all online financial institutions are tested against.

Cisco (CSCO) has some excellent initiatives such as SAFE that improve the security of customer deployments by defining configurations and testing steps that reduce vulnerabilities. The company also has service-focused teams of specialists that aid customers in securing their networks.

During my time at Cisco, I drove an initiative called SITE (Security Integration, Test and Evaluation) which defined a structured process for evaluating potential vulnerabilities, performing boundary and penetration testing, and evaluating the results in a logical matter. This approach was incorporated as part of the quality system and utilized across the company in testing multiple product lines. The process could be scaled from “light” to “heavy” based on the needs of the team performing the evaluation. The use of automation tools for “fuzzing” (sending in deliberately mal-formed packets) and other security testing was crucial for meeting tight deliverable schedules within the framework of SITE. Over the years, the original SITE initiative has evolved and now is included within the scope of other security enhancement programs (run by some real sharp engineers) that raise the standards to even a higher level.

What does the banking industry lack? Basically the online financial industry needs to define a SITE type of initiative and a set of common standards for securing their websites. The problem is not the inclusion of vulnerabilities (which will always pop-up), but the lack of screening for vulnerabilities in a structured manner. Banks do not have a methodical approach to find the vulnerabilities, nor a structured system for ranking and resolving the issues. Most banks are flying blind to what potential vulnerabilities currently exist on their websites because testing has only been performed piecemeal over time.

Banks and brokerages have a lot at stake; losses from compromised accounts continue to mount. It is time to raise the bar in the financial industry and reduce the exposure faced by customers. This requires a change in direction for security practices, and includes a need for information services cooperation between competing institutions. The best approach would be to create a focused team with IT representatives from multiple banks to define a central testing standard utilizing a structured approach for evaluating the security of online banking websites. After adoption, the methodology would need to be driven as a requirement across the industry.

30-Year FRM Rates: Who Says Lower Rates Won't Do Much Good? Jan 09, 2009
Why We Can't Take Mortgage Refinances to the Bank Just Yet Jan 09, 2009
NASDAQ Offers New Index Tracking TARP Companies Jan 09, 2009
High Yield (Junk) Bond Funds: Past, Present and Future Jan 09, 2009
The Case for Lazard: Vive La France Jan 09, 2009

This article has 12 comments:

Jul 30 08:36 AM
This seems pretty alarmist. Security people always have the agenda of making themselves look important. Any legitimate on-line bank or broker sends an E-mail to you when you make a transaction; thus to SERIOUSLY compromise an account, a Chinese spy or Russian capitalist would need to break BOTH your bank account AND your E-mail.
Reply | Link to Comment
Jul 30 09:17 AM
For the author's information, Etrade actually has a toggle system which gives you random code on something like a keychain for certain account levels. Pretty high tech stuff.

FYI.
Reply | Link to Comment
Jul 30 10:13 AM
prescient
it seems like you're talking about a "token," which big banks will give to corporate clients. you can even get one with a paypal account, if you really need to feel secure.
Reply | Link to Comment
Jul 30 10:14 AM
E*Trade does have one of the best approaches to secure "authentication&q... which is let the user choose between user name/password or using an RSA SecurID token. Much better than sites like BofA that use SiteKey or many Credit Union which use a list of security questions in addition to user name/password.

Securing a web site is a much more involved process than just the authentication technology in use. That's what this article addresses. The concern is valid.
Reply | Link to Comment
Jul 30 12:42 PM
CheckFree, the online billpay company listed here as a relevant stock, sold out last year to the bank-tech vendor Fiserv [FISV]
Reply | Link to Comment
Jul 30 02:52 PM
Stephjen, you are correct, I was referring to what Gwinner references.
Reply | Link to Comment
Jul 31 11:09 AM
i have an etrade account that has been compromised recently and it took them forever to send me the RSA token so i was locked out of my account for 1 week in which the financials made a huge comeback where i was heavily invested in some reverse index funds betting against financials and got screwed to a tune of a 20% decrease in my porfolio in a matter of days due to not being able to access my account....no wonder e-trade trades @ 3 bucks...where's cindy reed now?
Reply | Link to Comment
Jul 31 03:03 PM
waf76 what a bunch of Hoey BS and if this happend It's your own fault for not securing your assets prior to setting up your account.... 20% is not that big of deal. Oh yea shorting Financials real smart idea. I Like ETrade and what they have to offer, you will not find a better platform or security out in the market so wht don't you short ETrade it seems this is what you are up to... That's right they all tried to short ETrade and it keeps fighting back. Nothing personal, waf76 but you got it all wrong dude!
Reply | Link to Comment
Jul 31 04:20 PM
Waf76

You are stupid or else. When an account is compromissed they will block it. You will have to call them and they will do a security check with questions and stuff. They will rest the account, and they will give you a free token. Meanwhile you wait for the token you still are able to access your account with the regular log in.

After you receive the token you have to activate it and the log in with the code.
This happened to me once because I logged to my account from a computer in a Apple store.

Reply | Link to Comment
Aug 01 08:27 AM
by the way, my ebroker, tradeking, has a login procedure that features clicking your password on a virtual keyboard. so annoying.
Reply | Link to Comment
Aug 01 07:10 PM
@GO US and SongOsOrNoGo. I've secured my information correctly. While i was able to log onto etrade my account was hidden. I wasnt able to view my account detail or conduct transactions. I did have to call and they restrict access until the security issue is resolved. While you are able to make a trade over the phone it has to be through your case manager, and in my case was she was hard to get a hold of and i was also in Switzerland so not logging onto my laptop really made it difficult for my speculative activities. Phoning in everytime I wanted to make a trade defeated the whole purpose of having an online account. You may disagree with my trading activities but that wasnt the point of my post. You can continually buy up shares of etfc and hope it comes back. I'm sure at some point it will but usually stocks that fall under $5 never come back. So Song, not quite sure why you're calling me stupid, you're the one who logged onto you're etrade account at an Apple Store. At least the reason my account was compromised was due to me logging in from another country.
Reply | Link to Comment
Aug 05 02:24 PM
Talk about loging from another country I constantly trade from Colombia and US. Your statement does not sound nothing like what happens in real life. I have been there that is why I know.
Reply | Link to Comment

Top Rated Comment Streams:

Numbers are net rating-

1.
Hedged In662
2.
John Lounsbury565
3.
Smarty_Pants418
4.
axelrod608314
5.
cos1000277

See all Top 100 »

More by Greg Boop

What the Online Banking Industry is Missing
on Jul 30, 2008
Ignore the Press: Hedge Funds Still a Viable Investment
on Jul 24, 2008
Blockbuster Drops Circuit City Bid: So Toxic that Nobody Wants It?
on Jul 03, 2008 | about CCTYQ.PK,BBI
The Vultures Swoop in on Circuit City
on Apr 15, 2008 | about CCTYQ.PK,BBI

Articles on related themes

Free E-Newsletters
Wall Street Breakfast - Sample Wall Street Breakfast: Must-Know News by SA Editor Rachael Granby Bank trio becomes duo. Wells Fargo (WFC) will become the largest U.S. bank by branches with its bid for Wachovia (WB), after Citigroup (C) withdrew from compromise negotiations late yesterday on concerns about the quality of some of Wachovia's assets. Wells Fargo, with a bid valued at $11.4B, expects the purchase to be completed by the end of the year, and denies it will have to absorb assets shakier than originally thought. Government considers next steps. As the financial crisis continues to worsen, the U.S. government is considering two dramatic steps to turn around, or at least slow, the damage: guaranteeing billions of dollars in bank debt and temporarily insuring all U.S. bank deposits. The moves, which would mark the government's most extensive intervention to date, are in discussion stages only. Credit stays frozen. As frozen credit markets refuse to thaw, the cost of default protection on corporate bonds reaches new global records amid investor concerns the credit crisis will trigger corporate failures as companies struggle to finance their businesses. Interbank lending remains limited, and borrowing from the Fed's expanded discount window continued its trend of setting new highs every week, as the total daily average rose to $420.2B vs. $367.8B last week. Oil demand withers. The International Energy Agency warned Friday worldwide oil demand... Email continues...
The Macro View - Sample Seeking Alpha - The Macro View Market Outlook An Outcry from Emerging and Developed Markets Alike by Jonathan O'Shaughnessy Long Term, Financials Look Good by Michael Filloon Round 3 of the Recession: Main Street by Paul Fekula Oil Price Oil Below $75: Increased Chance of OPEC Production Cuts by Money Morning Oil Down 48% from Highs by Bespoke Investment Group Oil & Gas Headed Lower as Economy Strikes Consumers by Michael Filloon Economy Long Term, Financials Look Good by Michael Filloon Round 3 of the Recession: Main Street by Paul Fekula Reality Bites As Stocks Continue To Collapse by The Mole Email continues...
Investing Ideas - Sample Seeking Alpha - Investing Ideas Cramer's Picks Farewell Financial Bear Raids - Cramer's Mad Money (10/14/08) by SA Editor Joan Wickham Better Picks - Cramer's Lightning Round (10/14/08) by SA Editor Joan Wickham Perhaps Industrials... Cramer's Stop Trading! (10/14/08) by SA Editor Joan Wickham Long Ideas Utilities Beginning to Generate Interest for Longs by Joe Kunkle The Long Case for Encore Capital by Value Investor Insight 2009: The Year of the Channel for SaaS Vendors? by Jeff Kaplan Two Global Infrastructure Investment Opportunities in ETFs by Investment U Market Behaves Sanely - Fast Money Recap (10/14/08) by SA Editor Joan Wickham Short Ideas Why Short Sellers Are the Heroes of Wall Street by Investment U Salesforce.com: Pricey and Coming Down Fast by Charlie Bottle Google: 3Q Results Reveal Chinks in the Armor by Mark Krieger Email continues...
Jim Cramer's Picks -
Sample

Better Choices - Cramer's Lightning Round (10/15/08)

by SA Editor Rachael Granby

Stocks discussed in the lightning round session of Jim Cramers Mad Money TV program,
Wednesday, October 15.

Bullish Calls:

Continental Resources (CLR) -- "This is a remarkable decline. All of the high quality ones are down so much, I can't go against it. This is where you pull the trigger.
3M (MMM) -- The moment this stock starts yielding 5%, I'm a buyer. Until then, keep your powder dry.

Bearish Calls:

Computer Sciences (CSC) -- This is a company that was going to be bought, but they passed up the chance. Now I don't want to buy it."
Annaly Mortgage (NLY) -- I think this is a business model that needs to borrow money. Definitively do not buy."
Northrop Grumman (NOC) -- You can't own the defense stocks right now. If I had to own one, I'd look at Lockheed Martin (LMT) with its good dividend.
Email continues...
Stocks & Sectors - Sample Seeking Alpha - Stocks & Sectors Internet eBay: Q3 Looks Good but Q4 Guidance Disappoints by Greg Feirman Is Google Feeling Lucky? by Sam Gustin Why Today Could Suck for Tech by Kevin Maney Media A Triple Financial Whammy Afflicts Newspapers by Ken Doctor Three Years On, Buying MySpace Looks Like One of Murdoch's Smartest Bets by Erick Schonfeld How Will Arbitron Fare in This Market? by Sreeni Meka Telecom Ten Ways to Invest in Louisiana by Stockerblog Earnings Preview: Electro-Optical Engineering by theflyonthewall.com Shared Docks Via WiFi All the Rage by Dean Bubley Financial Switzerland Strengthens Its Banks; Short Interest Remains Low by Jessica Johnson Reality Bites As Stocks Continue To Collapse by The Mole LIBOR Shows Worst Is Yet to Come for Credit Markets by Keith Fitz-Gerald Email continues...
Global Markets - Sample Seeking Alpha - Global Markets China An Outcry from Emerging and Developed Markets Alike by Jonathan O'Shaughnessy USANA Health Sciences Inc. Q3 2008 Earnings Call Transcript Perfect World Announces Share Repurchase Program by Trader Mark China: Hot Money Inflows Down, Nervousness Up by Michael Pettis India Indian Economy Has Much to Cheer About by Equitymaster India: RBI Cuts Cash Reserve Ratio by Equitymaster India: Markets Continue Downward by Equitymaster Japan Sanyo Enters Thin-Film Market, Goes Up Against Sharp by Greentech Media Asia Four International Dividend Stocks to Watch by David Hunkar Eastern Europe Reality Bites As Stocks Continue To Collapse by The Mole Email continues...
Alternative Energy Investing - Sample Seeking Alpha - Alternative Energy Alternative Energy Seven Stocks for an Impending Apocalypse by H.J. Huneycutt Solar Shares Under Pressure From Credit Crunch and Pricing by Eric Savitz Trina Solar Looks Good, Though Market Yawns by Trader Mark The Electric Car Market: Wise Energy Use Stocks by Tom Konrad Investing in the Power of the Sea
ETF Daily - Sample Seeking Alpha - ETF Daily Sector ETFs Too Early To Buy Homebuilders ETF by Larry MacDonald Utilities Beginning to Generate Interest for Longs by Joe Kunkle Two Global Infrastructure Investment Opportunities in ETFs by Investment U New ETFs First Trust Launches Infrastructure ETF with Global Reach by Index Universe Overview and Analysis of the Global Generic Drug Industry by Mike Havrilla Emerging Market ETFs Brazil Is the Best of BRIC by Carl T. Delfeld Playing the Market in Difficult Times by Jason Hamlin
The Daily Dispatch - Sample Seeking Alpha - Daily Dispatch Wall Street Breakfast Wall Street Breakfast: Must-Know News by SA Editor Rachael Granby US Market An Outcry from Emerging and Developed Markets Alike by Jonathan O'Shaughnessy Wall Street Breakfast: Must-Know News by SA Editor Rachael Granby Housing & Real Estate Too Early To Buy Homebuilders ETF by Larry MacDonald Another 'Root Cause' That Isn't: Tumbling Home Prices by Tim Iacono Transcripts TrueBlue, Inc. Q3 2008 Earnings Call Transcript Polycom, Inc. Q3 2008 Earnings Call Transcript ETF Too Early To Buy Homebuilders ETF by Larry MacDonald
We don't spam

Popular Tools
Stock Market Toolbar
Stock Search Add-on
Power Search
Email Alerts
Live Feeds (RSS)

About Seeking Alpha
About Us
Contact Us
What's New
Readers Feedback
Advertise With Us

Contributors
Contribute an Article
Feature Your Book
Our Contributors
Anonymous Contributions
Dispute an Article?

Legal
Terms of Use
Privacy
Copyright

Seeking Alpha

What the Online Banking Industry is Missing

Greg Boop

Related Articles

This article has 12 comments:

Top Rated Comment Streams:

More by Greg Boop

Stock Market Opinion & Analysis

Seeking Alpha

What the Online Banking Industry is Missing

Greg Boop

Related Articles

This article has 12 comments:

Top Rated Comment Streams:

More by Greg Boop

Most Popular

Most Read

Editors' Picks

Most Commented

Investment Resources

Money Management

Research

Articles on related themes

Online Financial Services

Consumer Credit

Insurance

Investment Banks

Stock Market Opinion & Analysis